Описание
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 3 | body-parser | Affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | ||
| Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Will not fix | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Will not fix | ||
| Migration Toolkit for Runtimes | body-parser | Affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Not affected | ||
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Not affected | ||
| Node HealthCheck Operator | workload-availability/node-remediation-console-rhel8 | Will not fix | ||
| OpenShift Lightspeed | openshift-lightspeed-beta/lightspeed-console-plugin-rhel9 | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
body-parser vulnerable to denial of service when url encoding is enabled
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is ...
body-parser vulnerable to denial of service when url encoding is enabled
EPSS
7.5 High
CVSS3