Skip to content

fix(deps): update dependency body-parser to v1.20.3 [security]#186

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-body-parser-vulnerability
Open

fix(deps): update dependency body-parser to v1.20.3 [security]#186
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-body-parser-vulnerability

Conversation

@renovate

@renovate renovate Bot commented May 7, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
body-parser 1.20.21.20.3 age confidence

body-parser vulnerable to denial of service when url encoding is enabled

CVE-2024-45590 / GHSA-qwcr-r2fm-qrc7

More information

Details

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

Severity

  • CVSS Score: 8.7 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

expressjs/body-parser (body-parser)

v1.20.3

Compare Source

===================

  • deps: qs@​6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 3 times, most recently from 347b606 to f3c7452 Compare May 11, 2025 16:04
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from 5ba977e to 4a33398 Compare June 6, 2025 19:03
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 4a33398 to e59190e Compare June 14, 2025 08:08
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from e59190e to 013e810 Compare July 12, 2025 23:50
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 013e810 to 6dea6a3 Compare July 20, 2025 20:00
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 7 times, most recently from 387e177 to f319522 Compare August 10, 2025 04:42
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 3 times, most recently from 16e616e to d5a2eaf Compare August 19, 2025 12:07
@renovate renovate Bot changed the title fix(deps): update dependency body-parser to v1.20.3 [security] fix(deps): update dependency body-parser to v2 [security] Nov 25, 2025
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from d5a2eaf to a254c58 Compare November 25, 2025 14:26
@renovate renovate Bot changed the title fix(deps): update dependency body-parser to v2 [security] fix(deps): update dependency body-parser to v1.20.3 [security] Nov 26, 2025
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from a254c58 to 9e1d0a8 Compare November 26, 2025 11:34
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from ff980a0 to c50f4c4 Compare December 14, 2025 12:05
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from c50f4c4 to a756357 Compare January 27, 2026 03:11
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from a756357 to f770fa3 Compare February 4, 2026 23:42
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from f770fa3 to 90415e0 Compare April 30, 2026 02:11
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 90415e0 to 0f69b3d Compare May 7, 2026 17:07
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from aa5e2d7 to e03d723 Compare May 26, 2026 03:52
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from 7389e40 to 76aa901 Compare June 7, 2026 19:04
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 76aa901 to 161be9c Compare June 20, 2026 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants