CVE-2025-13466
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-24
Assigner: openjs
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| body-parser | body-parser | 2.2.0 |
| body-parser | body-parser | 2.2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in body-parser 2.2.0 is a denial of service issue caused by inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send requests containing thousands of parameters within the default 100KB request size limit, which causes elevated CPU and memory usage. This can slow down the service or cause partial outages if the malicious traffic is sustained.
How can this vulnerability impact me?
This vulnerability can impact you by causing your service to slow down or partially go offline due to high CPU and memory usage triggered by malicious requests with many parameters. This can degrade the availability and performance of your application under attack.
What immediate steps should I take to mitigate this vulnerability?
Upgrade body-parser to version 2.2.1 or later, where this vulnerability is fixed. Additionally, consider implementing request size limits and parameter count limits to reduce the risk of denial of service from large URL-encoded payloads.