Unrestricted Resource Consumption in Node.js (Express) [GHSA-6q5m-63h6-5x4v]

Unrestricted Resource Consumption in Node.js (Express) can cause outages and degraded service when attackers overwhelm a server with large or crafted payloads. In practice, memory and CPU usage can spike as request bodies and processing accumulate in memory, leading to GC pressure, OOM errors, and cascading failures across the app. Note: no CVEs are provided for reference in this guide. In Node.js/Express, unbounded parsing, buffering, and in-memory processing of inputs are common culprits. Endpoints that accept large JSON bodies, file uploads, or streaming data without size caps are prime targets for denial-of-service or resource exhaustion. This class of vulnerability is primarily an availability issue rather than a correctness bug, and it can be triggered by both bursts and sustained traffic. Mitigations are defense-in-depth: enforce strict input size limits, avoid buffering large payloads in memory, and stream or store large uploads on disk. Combine rate limiting, timeouts, and resource quotas with input validation and monitoring. Review middleware configuration (body parsers, file upload libraries), set safe defaults, and test with load simulations to verify resilience.