diff --git a/install/package.json b/install/package.json
index e5153277ab..9bb32b32d1 100644
--- a/install/package.json
+++ b/install/package.json
@@ -45,7 +45,7 @@
         "autoprefixer": "10.4.21",
         "bcryptjs": "3.0.2",
         "benchpressjs": "2.5.3",
-        "body-parser": "1.20.3",
+        "body-parser": "2.2.0",
         "bootbox": "6.0.0",
         "bootstrap": "5.3.3",
         "bootswatch": "5.3.3",
diff --git a/src/controllers/write/posts.js b/src/controllers/write/posts.js
index 7b5a016d86..884517c126 100644
--- a/src/controllers/write/posts.js
+++ b/src/controllers/write/posts.js
@@ -46,7 +46,7 @@ Posts.get = async (req, res) => {
 
 Posts.getIndex = async (req, res) => {
 	const { pid } = req.params;
-	const { sort } = req.body;
+	const { sort } = req.body || {};
 
 	const index = await api.posts.getIndex(req, { pid, sort });
 	if (index === null) {
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 4c6300895e..fd0597fb6e 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -287,7 +287,9 @@ middleware.validateAuth = helpers.try(async (req, res, next) => {
 
 middleware.checkRequired = function (fields, req, res, next) {
 	// Used in API calls to ensure that necessary parameters/data values are present
-	const missing = fields.filter(field => !req.body.hasOwnProperty(field) && !req.query.hasOwnProperty(field));
+	const missing = fields.filter(
+		field => req.body && !req.body.hasOwnProperty(field) && !req.query.hasOwnProperty(field)
+	);
 
 	if (!missing.length) {
 		return next();
diff --git a/src/middleware/user.js b/src/middleware/user.js
index 261aa9c738..8fb3f51b57 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -62,8 +62,9 @@ module.exports = function (middleware) {
 				return await finishLogin(req, user);
 			} else if (user.hasOwnProperty('master') && user.master === true) {
 				// If the token received was a master token, a _uid must also be present for all calls
-				if (req.body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) {
-					user.uid = req.body._uid || req.query._uid;
+				const body = req.body || {};
+				if (body.hasOwnProperty('_uid') || req.query.hasOwnProperty('_uid')) {
+					user.uid = body._uid || req.query._uid;
 					delete user.master;
 					return await finishLogin(req, user);
 				}