VYPR
Medium severityGHSA Advisory· Published Nov 24, 2025· Updated Apr 15, 2026

CVE-2025-13466

CVE-2025-13466

Description

body-parser 2.2.0 is vulnerable to denial of service due to inefficient handling of URL-encoded bodies with very large numbers of parameters. An attacker can send payloads containing thousands of parameters within the default 100KB request size limit, causing elevated CPU and memory usage. This can lead to service slowdown or partial outages under sustained malicious traffic. This issue is addressed in version 2.2.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
body-parsernpm
>= 2.2.0, < 2.2.12.2.1

Affected products

74

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.