CVE-2024-45590 – Denial of Service in body-parser

Severity: High

2025-12-19

Abstract

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when URL encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

The Oxygen products incorporate the body-parser component as a third-party library within the config-server. This advisory was opened to address the potential impact of this third-party library's vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| Oxygen Content Fusion v7.0 and older | High | Oxygen Content Fusion 7.1 build 2024100818 |

Mitigation

None

Detail

CVE-2024-45590

Severity: High

CVSS Score: 7.5

body-parser versions prior to 1.20.3 are vulnerable to a denial of service when URL-encoded parsing is enabled. A remote attacker can send specially crafted, repeated requests that exhaust server resources and cause service unavailability. The issue is remediated in body-parser 1.20.3.

We confirmed usage of body-parser 1.20.1 in Oxygen Content Fusion. Instances that enable URL-encoded request parsing are exposed to the described denial-of-service condition. Starting with Oxygen Content Fusion version 7.1 build 2024100818, we updated to a patched library version.
