PT-2025-47951 · Unknown+1 · Body-Parser+1
Jean Burellier +3 · Published 2025-11-24 · Updated 2025-11-25 · CVE-2025-13466
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:P/AU:Y
Name of the Vulnerable Software and Affected Versions
body-parser versions prior to 2.2.1
Description
The software is susceptible to a denial of service condition resulting from inefficient processing of URL-encoded request bodies containing a large number of parameters. An attacker can exploit this by sending requests with thousands of parameters within the 100KB request size limit, leading to increased CPU and memory consumption. This can cause service degradation or outages when subjected to continuous malicious traffic.
Recommendations
Update to version 2.2.1 or later.
Fix
DoS
Resource Exhaustion
Affected Products
Debian
Body-Parser