Servify Express
Approved changes feed: RSS · Atom
cpe:2.3:a:aarondoran:servify-express:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Aarondoran (d74de825-a0f7-513b-afb6-0f93af6aa411) |
|---|---|
| Product | Servify Express (ae324e1e-fbf2-51cb-8bfc-445c44d6dc31) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-67731 |
vulnerable | 2026-06-03 15:11:02.247198 |
Servify Express does not enforce rate limiting when parsing JSON
Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json() without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Any application using the JSON parser without limits and exposed to untrusted clients is affected. The issue is not a flaw in Express itself, but in configuration. This issue is fixed in version 1.2. To work around, consider adding a limit option to the JSON parser, rate limiting at the application or reverse-proxy level, rejecting unusually large requests before parsing, or using a reverse proxy (such as NGINX) to enforce maximum request body sizes.
Published: 2025-12-12T07:40:53.047Z
Updated: 2025-12-12T20:44:17.680Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.