Resource exhaustion in body-parser
CVE-2025-13466
body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request…
Vulnerability class: DoS (Denial of Service)
EPSS: 0.003 (26.1th percentile)
Affected products
- body-parser — version 2.2.0
Weakness classification (CWE)