nvd-json-data-feeds/CVE-2024/CVE-2024-455xx/CVE-2024-45590.json

{
  "id": "CVE-2024-45590",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-09-10T16:15:21.083",
  "lastModified": "2024-09-20T16:26:44.977",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
    },
    {
      "lang": "es",
      "value": "body-parser es un middleware de an\u00e1lisis de cuerpo de Node.js. body-parser en versiones anteriores a la 1.20.3 es vulnerable a la denegaci\u00f3n de servicio cuando la codificaci\u00f3n de URL est\u00e1 habilitada. Un actor malintencionado que utilice un payload especialmente manipulado podr\u00eda inundar el servidor con una gran cantidad de solicitudes, lo que provocar\u00eda una denegaci\u00f3n de servicio. Este problema se solucion\u00f3 en la versi\u00f3n 1.20.3."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-405"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:openjsf:body-parser:*:*:*:*:*:node.js:*:*",
              "versionEndExcluding": "1.20.3",
              "matchCriteriaId": "42A6B188-985D-4F15-B31B-46D67F4E3F07"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ]
    },
    {
      "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}