Bug 2311171 (CVE-2024-45590) - CVE-2024-45590 body-parser: Denial of Service Vulnerability in body-parser
Summary: CVE-2024-45590 body-parser: Denial of Service Vulnerability in body-parser
Keywords:
Status: NEW
Alias: CVE-2024-45590
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2311191 2311204 2311208 2311211 2311213 2311220 2311223 2311233 2311239 2311241 2311247 2311250 2311257 2311258 2311261 2311262 2311263 2311264 2311265 2311266 2311267 2311268 2311269 2311270 2311271 2311272 2311273 2311274 2311275 2311276 2311277 2311278 2311279 2311280 2311281 2311182 2311183 2311196 2311198 2311217 2311225 2311227 2311244 2311252 2311259 2311260
Blocks:
Reported: 2024-09-10 16:20 UTC by OSIDB Bzimport
Modified: 2024-10-30 14:34 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when URL encoding is enabled.
Clone Of:
Environment:
Last Closed:
Embargoed:
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:7725 0 None None None 2024-10-07 09:26:15 UTC
Red Hat Product Errata RHSA-2024:7726 0 None None None 2024-10-07 09:25:28 UTC
Red Hat Product Errata RHSA-2024:8014 0 None None None 2024-10-22 01:07:09 UTC
Red Hat Product Errata RHSA-2024:8676 0 None None None 2024-10-30 14:34:34 UTC

Description OSIDB Bzimport 2024-09-10 16:20:54 UTC
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when URL encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

Comment 1 errata-xmlrpc 2024-10-07 09:25:21 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.6 for RHEL 8
  Red Hat OpenShift Service Mesh 2.6 for RHEL 9

Via RHSA-2024:7726 https://access.redhat.com/errata/RHSA-2024:7726

Comment 2 errata-xmlrpc 2024-10-07 09:26:08 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Service Mesh 2.5 for RHEL 8

Via RHSA-2024:7725 https://access.redhat.com/errata/RHSA-2024:7725

Comment 3 errata-xmlrpc 2024-10-22 01:07:02 UTC
This issue has been addressed in the following products:

  NETWORK-OBSERVABILITY-1.7.0-RHEL-9

Via RHSA-2024:8014 https://access.redhat.com/errata/RHSA-2024:8014

Comment 4 errata-xmlrpc 2024-10-30 14:34:24 UTC
This issue has been addressed in the following products:

  RHODF-4.17-RHEL-9

Via RHSA-2024:8676 https://access.redhat.com/errata/RHSA-2024:8676
