Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(express): Update express to version 4.21.1 to fix high level severity CVE-2024-45590 (body-parser dependency) #3543

Merged
merged 1 commit into from
Oct 31, 2024

Conversation

BitPhoenix
Copy link
Contributor

Update express to version 4.21.1

This version of express uses body-parser@1.20.3 which contains a fix for high level severity CVE-2024-45590

"body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
https://nvd.nist.gov/vuln/detail/CVE-2024-45590

Link for comparing express 4.19.2 / 4.21.1 releases: expressjs/express@4.19.2...4.21.1

image

This version of express uses body-parser@1.20.3 which contains a fix for high level severity CVE-2024-45590

https://nvd.nist.gov/vuln/detail/CVE-2024-45590
@BitPhoenix
Copy link
Contributor Author

@daffl Hey daffl nice to meet you! I wasn't sure if I should set a pull request reviewer or not - it doesn't seem like I have the permission to do so I left it blank for the moment

@daffl daffl changed the title Update express to version 4.21.1 to fix high level severity CVE-2024-45590 (body-parser dependency) fix(express): Update express to version 4.21.1 to fix high level severity CVE-2024-45590 (body-parser dependency) Oct 31, 2024
@daffl daffl merged commit 56d6151 into feathersjs:dove Oct 31, 2024
0 of 2 checks passed
@daffl
Copy link
Member

daffl commented Oct 31, 2024

Thank you for the pull request. Update dependencies have been published in 5.0.31

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants