Description
The API endpoints do not limit incoming request body sizes. An attacker can send extremely large payloads to exhaust server memory and CPU, causing a denial of service.
Suggested Fix
Implement request body size limits using middleware (e.g., body-parser limit option or nginx client_max_body_size).
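The following sketch is an added example, not code from the affected project. It shows what a body size limit has to do in a plain Node.js handler: reject on an oversized `Content-Length`, and also count streamed bytes, because the header can be absent. The 100 KB limit, port 3000 and all function names are assumptions for illustration.

```javascript
const http = require('http');
const MAX_BODY_BYTES = 100 * 1024; // assumed limit; size it to the largest legitimate payload

// Reject early when the client declares a body larger than the limit.
function declaredTooLarge(headers, limit) {
  const declared = Number(headers['content-length']);
  return Number.isFinite(declared) && declared > limit;
}

// Count bytes as they arrive: with chunked transfer encoding there is no
// Content-Length header, so the declared size alone is not enough.
function createCollector(limit) {
  const chunks = [];
  let received = 0;
  return {
    push(chunk) { // returns false once the limit is exceeded
      received += chunk.length;
      if (received > limit) { chunks.length = 0; return false; }
      chunks.push(chunk);
      return true;
    },
    body() { return Buffer.concat(chunks); },
  };
}

function tooLarge(req, res) {
  res.writeHead(413, { Connection: 'close' });
  res.end('Payload Too Large', () => req.destroy()); // stop reading the rest
}

function handler(req, res) {
  if (declaredTooLarge(req.headers, MAX_BODY_BYTES)) return tooLarge(req, res);
  const collector = createCollector(MAX_BODY_BYTES);
  let rejected = false;
  req.on('data', (chunk) => {
    if (!rejected && !collector.push(chunk)) { rejected = true; tooLarge(req, res); }
  });
  req.on('end', () => {
    if (rejected) return;
    res.writeHead(200, { 'Content-Type': 'text/plain' });
    res.end(`received ${collector.body().length} bytes`);
  });
}

// Run with `node <file> serve` to listen locally (port is an assumption).
if (process.argv[2] === 'serve') http.createServer(handler).listen(3000);
```

The same limit should also be set at the reverse proxy (nginx `client_max_body_size`) so oversized requests are dropped before they reach the application.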