Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
body-parser vulnerable to denial of service when url encoding is used
Vulnerability Description
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
body-parser 安全漏洞
Vulnerability Description
body-parser是expressjs开源的一个 Node.js 解析中间件。 body-parser 2.2.0版本存在安全漏洞,该漏洞源于对URL编码体的低效处理,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A