Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for body-parser by openjsf

    CVE-2026-12590 (GCVE-0-2026-12590)

    Vulnerability from nvd – Published: 2026-07-09 10:21 – Updated: 2026-07-09 12:06
    VLAI
    Title
    body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement
    Summary
    Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    body-parser body-parser Affected: 0 , < 1.20.6 (semver)
    Unaffected: 1.20.6 (semver)
    Affected: 2.0.0 , < 2.3.0 (semver)
    Unaffected: 2.3.0 (semver)
    Create a notification for this product.
    Credits
    Phillip9587 UlisesGascon bjohansebas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:05:36.853756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:06:01.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/body-parser",
              "product": "body-parser",
              "vendor": "body-parser",
              "versions": [
                {
                  "lessThan": "1.20.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "1.20.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Phillip9587"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "bjohansebas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number."
                }
              ],
              "value": "Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T10:21:10.447Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6"
            },
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-12590",
        "datePublished": "2026-07-09T10:21:10.447Z",
        "dateReserved": "2026-06-18T08:44:10.977Z",
        "dateUpdated": "2026-07-09T12:06:01.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45590 (GCVE-0-2024-45590)

    Vulnerability from nvd – Published: 2024-09-10 15:54 – Updated: 2024-09-10 18:47
    VLAI
    Title
    body-parser vulnerable to denial of service when url encoding is enabled
    Summary
    body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-405 - Asymmetric Resource Consumption (Amplification)
    Assigner
    References
    Impacted products
    Vendor Product Version
    expressjs body-parser Affected: < 1.20.3
    Create a notification for this product.
    expressjs body-parser Affected: 0 , < 1.20.3 (custom)
        cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "body-parser",
                "vendor": "expressjs",
                "versions": [
                  {
                    "lessThan": "1.20.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T18:42:41.773305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T18:47:22.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "body-parser",
              "vendor": "expressjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.20.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-405",
                  "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T15:54:02.330Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
            },
            {
              "name": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
            }
          ],
          "source": {
            "advisory": "GHSA-qwcr-r2fm-qrc7",
            "discovery": "UNKNOWN"
          },
          "title": "body-parser vulnerable to denial of service when url encoding is enabled"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45590",
        "datePublished": "2024-09-10T15:54:02.330Z",
        "dateReserved": "2024-09-02T16:00:02.422Z",
        "dateUpdated": "2024-09-10T18:47:22.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-12590 (GCVE-0-2026-12590)

    Vulnerability from cvelistv5 – Published: 2026-07-09 10:21 – Updated: 2026-07-09 12:06
    VLAI
    Title
    body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement
    Summary
    Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    body-parser body-parser Affected: 0 , < 1.20.6 (semver)
    Unaffected: 1.20.6 (semver)
    Affected: 2.0.0 , < 2.3.0 (semver)
    Unaffected: 2.3.0 (semver)
    Create a notification for this product.
    Credits
    Phillip9587 UlisesGascon bjohansebas
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T12:05:36.853756Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T12:06:01.554Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageURL": "pkg:npm/body-parser",
              "product": "body-parser",
              "vendor": "body-parser",
              "versions": [
                {
                  "lessThan": "1.20.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "1.20.6",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.3.0",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                },
                {
                  "status": "unaffected",
                  "version": "2.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Phillip9587"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "UlisesGascon"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "bjohansebas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number."
                }
              ],
              "value": "Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser is configured with an invalid limit option value such as an unparseable string or NaN, bytes.parse returns null and the request body size check is silently skipped. Applications that rely on limit as their primary safeguard against oversized request bodies will accept arbitrarily large payloads, leading to excessive memory and CPU usage and denial of service. Patches: This issue is fixed in body-parser 1.20.6 and 2.3.0. After the fix, invalid limit values throw a clear error at parser construction time instead of silently disabling enforcement, while null and undefined continue to fall back to the default limit of 100kb. Workarounds: Validate the limit value before passing it to body-parser. For example, parse the value at startup and reject any configuration where the result is null or a non-finite number."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T10:21:10.447Z",
            "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
            "shortName": "openjs"
          },
          "references": [
            {
              "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-v422-hmwv-36x6"
            },
            {
              "url": "https://cna.openjsf.org/security-advisories.html"
            }
          ],
          "title": "body-parser vulnerable to denial of service when invalid limit value silently disables size enforcement",
          "x_generator": {
            "engine": "cve-kit 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "assignerShortName": "openjs",
        "cveId": "CVE-2026-12590",
        "datePublished": "2026-07-09T10:21:10.447Z",
        "dateReserved": "2026-06-18T08:44:10.977Z",
        "dateUpdated": "2026-07-09T12:06:01.554Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45590 (GCVE-0-2024-45590)

    Vulnerability from cvelistv5 – Published: 2024-09-10 15:54 – Updated: 2024-09-10 18:47
    VLAI
    Title
    body-parser vulnerable to denial of service when url encoding is enabled
    Summary
    body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-405 - Asymmetric Resource Consumption (Amplification)
    Assigner
    References
    Impacted products
    Vendor Product Version
    expressjs body-parser Affected: < 1.20.3
    Create a notification for this product.
    expressjs body-parser Affected: 0 , < 1.20.3 (custom)
        cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "body-parser",
                "vendor": "expressjs",
                "versions": [
                  {
                    "lessThan": "1.20.3",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45590",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-10T18:42:41.773305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-10T18:47:22.965Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "body-parser",
              "vendor": "expressjs",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.20.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-405",
                  "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-10T15:54:02.330Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
            },
            {
              "name": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
            }
          ],
          "source": {
            "advisory": "GHSA-qwcr-r2fm-qrc7",
            "discovery": "UNKNOWN"
          },
          "title": "body-parser vulnerable to denial of service when url encoding is enabled"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-45590",
        "datePublished": "2024-09-10T15:54:02.330Z",
        "dateReserved": "2024-09-02T16:00:02.422Z",
        "dateUpdated": "2024-09-10T18:47:22.965Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }