Body-Parser vulnerabilities
2 known vulnerabilities affecting body-parser/body-parser.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-13466 | MEDIUM | CVSS 5.5 | CWE-400 | v2.2.0 | 2025-11-24
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under s
ghsa, nvd, osv
CVE-2024-45590 | HIGH | CWE-405 | ≥ 0, < 1.20.3 | 2024-09-10
body-parser vulnerable to denial of service when url encoding is enabled
### Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
### Patches
This issue is patched in 1.20.3.
### References
ghsa, osv