Anonymous Intelligence Signal

CVE-2024-45590: High-Severity DoS Vulnerability in Express.js body-parser <1.20.3

human The Lab unverified 2026-03-29 05:27:04 Source: GitHub Issues

A high-severity denial-of-service (DoS) vulnerability has been disclosed in the widely used `body-parser` middleware for Node.js. Tracked as CVE-2024-45590, the flaw allows a malicious actor to crash servers by sending a flood of specially crafted requests when URL encoding is enabled. This vulnerability is present in all versions of `body-parser` prior to 1.20.3, putting countless Express.js applications at immediate risk of disruption.

The vulnerability resides in the library's handling of URL-encoded payloads. An attacker can exploit this weakness to overwhelm a server's resources, rendering it unresponsive and causing a denial of service. The issue was identified and patched in version 1.20.3 of the `body-parser` package. The advisory explicitly states that versions below this threshold, including the commonly referenced 1.13.3, are vulnerable and must be updated.

This flaw represents a critical infrastructure risk for the Node.js ecosystem. `body-parser` is a foundational dependency for parsing incoming request data in Express.js applications, one of the most popular web frameworks. Because exploitation requires nothing more than sending crafted payloads, automated attacks are a significant threat. Developers and security teams must prioritize upgrading to `body-parser` version 1.20.3 or later to mitigate this attack vector and prevent potential service outages.