Resource exhaustion in Body-parser

CVE-2025-13466

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.003 (26.1th percentile)
