CVE-2024-45590

EPSS 2.07%
Veröffentlicht 10.09.2024 16:15:21
Zuletzt bearbeitet 20.09.2024 16:26:44
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openjsf ≫ Body-parser SwPlatformnode.js Version < 1.20.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.07%	0.834

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 Asymmetric Resource Consumption (Amplification)

The product does not properly control situations in which an adversary can cause the product to consume or produce excessive resources without requiring the adversary to invest equivalent work or otherwise prove authorization, i.e., the adversary's influence is "asymmetric."

https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce

Patch

https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-45590

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45590

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45590

EUVD