AdonisJS Bodyparser Denial-of-Service Vulnerability in Multipart File Handling

Vulnerability

A denial-of-service vulnerability has been identified in the AdonisJS @adonisjs/bodyparser package, in versions prior to 10.1.3 and 11.0.0-next.9. The issue is in the package's multipart file handling logic: while trying to detect the file type during an upload, the parser can accumulate an unbounded amount of data in memory. This can lead to excessive memory consumption and process termination. Applications that accept multipart/form-data uploads using an impacted version of the bodyparser package are affected.

Impact

Exploitation of this vulnerability can cause the Node.js process to run out of memory and terminate, leading to a denial-of-service condition where the application becomes unavailable to users.

Remediation

Users should upgrade @adonisjs/bodyparser to version 10.1.3 or 11.0.0-next.9.
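
To find out whether a project still installs an affected copy, the following added example (not code from AdonisJS or from this advisory) classifies @adonisjs/bodyparser versions against the two fixed releases above and scans an npm lockfile object, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration; it assumes npm's lockfileVersion 2 or 3 layout and that releases after the fixed ones carry the fix.

```javascript
// Fixed releases named in the advisory: 10.1.3 and 11.0.0-next.9.
const FIXED_STABLE = [10, 1, 3];
const FIXED_NEXT = 9;

// Parse "x.y.z" or "x.y.z-tag.n"; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z]+)\.(\d+))?$/.exec(String(v));
  if (!m) return null;
  return { core: [+m[1], +m[2], +m[3]], tag: m[4] || null, n: m[4] ? +m[5] : null };
}

// Compare two [major, minor, patch] triples numerically.
function cmpCore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "affected", "fixed", or "unknown" (needs manual review).
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  const vs11 = cmpCore(p.core, [11, 0, 0]);
  if (vs11 > 0) return "fixed"; // assumption: later releases carry the fix
  if (vs11 === 0) {
    if (p.tag === null) return "fixed"; // assumption: 11.0.0 stable follows next.9
    if (p.tag === "next") return p.n < FIXED_NEXT ? "affected" : "fixed";
    return "unknown"; // other pre-release tags are not covered by the advisory
  }
  const vs10 = cmpCore(p.core, FIXED_STABLE);
  // A pre-release of 10.1.3 sorts before 10.1.3, so it counts as "prior to".
  if (vs10 < 0 || (vs10 === 0 && p.tag !== null)) return "affected";
  return "fixed";
}

// Report every installed copy in the lockfile that is not known to be fixed.
function findAffected(lock) {
  const suffix = "node_modules/@adonisjs/bodyparser";
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith(suffix))
    .map(([path, meta]) => ({ path, version: meta.version, status: classify(meta.version) }))
    .filter((hit) => hit.status !== "fixed");
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = { packages: {
  "node_modules/@adonisjs/bodyparser": { version: "10.1.2" },
  "node_modules/some-plugin/node_modules/@adonisjs/bodyparser": { version: "11.0.0-next.9" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

To scan a real project, pass the parsed contents of its package-lock.json to findAffected.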

Added: Feb 7, 2026, 12:13 AM
Updated: Feb 7, 2026, 12:13 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 2.8
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.