Servify Express does not enforce rate limiting when parsing JSON

Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json() without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Any application using the JSON parser without limits and exposed to untrusted clients is affected. The issue is not a flaw in Express itself, but in configuration. This issue is fixed in version 1.2. To work around, consider adding a limit option to the JSON parser, rate limiting at the application or reverse-proxy level, rejecting unusually large requests before parsing, or using a reverse proxy (such as NGINX) to enforce maximum request body sizes.

N/A

未加控制的资源消耗(资源穷尽)

Servify Express 资源管理错误漏洞

Servify Express是Aaron doran个人开发者的一个快递包裹表单服务器。 Servify Express 1.2之前版本存在资源管理错误漏洞，该漏洞源于Express服务器未设置JSON解析大小限制，可能导致拒绝服务攻击。

N/A

N/A