Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Servify Express does not enforce rate limiting when parsing JSON
Vulnerability Description
Servify Express is a Node.js package to start an Express server and log the port it's running on. Prior to 1.2, the Express server used express.json() without a size limit, which could allow attackers to send extremely large request bodies. This can cause excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Any application using the JSON parser without limits and exposed to untrusted clients is affected. The issue is not a flaw in Express itself, but in configuration. This issue is fixed in version 1.2. To work around, consider adding a limit option to the JSON parser, rate limiting at the application or reverse-proxy level, rejecting unusually large requests before parsing, or using a reverse proxy (such as NGINX) to enforce maximum request body sizes.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Servify Express 资源管理错误漏洞
Vulnerability Description
Servify Express是Aaron doran个人开发者的一个快递包裹表单服务器。 Servify Express 1.2之前版本存在资源管理错误漏洞,该漏洞源于Express服务器未设置JSON解析大小限制,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A