PT-2024-31693 · Unknown+2 · Body-Parser+2

Adam Korcz +1 · Published 2024-09-10 · Updated 2026-06-04 · CVE-2024-45590

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: body-parser versions prior to 1.20.3
Description: The issue concerns a denial of service vulnerability when URL encoding is enabled. A malicious actor can use a specially crafted payload to flood the server with a large number of requests, resulting in denial of service.
Recommendations: For versions prior to 1.20.3, update to version 1.20.3 to resolve the issue. As a temporary workaround, consider disabling URL encoding until a patch is available. Restrict access to the server to minimize the risk of exploitation.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

AZL-49071
AZL-49097
AZL-49126
AZL-49149
CVE-2024-45590
GHSA-QWCR-R2FM-QRC7

Affected Products

Bitbucket
Debian
Body-Parser