PT-2025-50903 · Unknown · Servify-Express
Published 2025-12-12 · Updated 2025-12-12 · CVE-2025-67731
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Servify Express versions prior to 1.2
Description: Servify Express is a Node.js package used to start an Express server and log the port it is running on. Versions prior to 1.2 call express.json() without a size limit, allowing clients to send excessively large request bodies. This can lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Applications that use the JSON parser without a limit and are exposed to untrusted clients are susceptible. The issue stems from configuration rather than from a flaw within Express itself.
Recommendations: Versions prior to 1.2 should be updated to version 1.2. Consider adding a limit option to the JSON parser. Implement rate limiting at the application or reverse-proxy level. Reject unusually large requests before parsing. Use a reverse proxy, such as NGINX, to enforce maximum request body sizes.
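As an added example (not code from the advisory or from the Servify Express package), the bounded body read that the recommendations describe, written against Node's built-in http module so it runs without Express; DEFAULT_LIMIT and the function names are constructed for this illustration:

```javascript
// Added example (not from the advisory or the Servify Express package): the bounded
// body read that express.json({ limit }) performs and Servify Express < 1.2 omitted.
const DEFAULT_LIMIT = 100 * 1024; // 100 KiB, a constructed cap; size it to the endpoint's real payloads

// Fail fast when the client already declares a body larger than the cap.
function exceedsDeclaredLength(headers, limit) {
  const declared = Number.parseInt(headers['content-length'] || '', 10);
  return Number.isFinite(declared) && declared > limit;
}

// Pure form over received chunks: count bytes as they arrive and stop buffering the moment
// the total passes the limit, so a chunked request without Content-Length is capped too.
function parseBoundedJson(headers, chunks, limit = DEFAULT_LIMIT) {
  if (exceedsDeclaredLength(headers, limit)) return { status: 413, error: 'Payload Too Large' };
  const kept = [];
  let received = 0;
  for (const chunk of chunks) {
    received += chunk.length;
    if (received > limit) return { status: 413, error: 'Payload Too Large' };
    kept.push(chunk);
  }
  try {
    return { status: 200, body: JSON.parse(Buffer.concat(kept).toString('utf8')) };
  } catch {
    return { status: 400, error: 'Malformed JSON' };
  }
}

// Stream form for http.IncomingMessage: destroy the request as soon as the limit is crossed
// rather than waiting for 'end', which is what keeps memory bounded under an oversize body.
// In an Express app the equivalent is simply app.use(express.json({ limit: '100kb' })).
function readJsonBody(req, limit = DEFAULT_LIMIT) {
  return new Promise((resolve) => {
    if (exceedsDeclaredLength(req.headers, limit)) {
      req.destroy();
      return resolve({ status: 413, error: 'Payload Too Large' });
    }
    const chunks = [];
    let received = 0;
    req.on('data', (chunk) => {
      received += chunk.length;
      if (received > limit) {
        req.destroy();
        return resolve({ status: 413, error: 'Payload Too Large' });
      }
      chunks.push(chunk);
    });
    req.on('end', () => resolve(parseBoundedJson(req.headers, chunks, limit)));
  });
}
```

Pass `readJsonBody(req)` the request inside an `http.createServer` handler and answer with `result.status`; a reverse proxy in front (e.g. NGINX's client_max_body_size) should enforce the same cap before the request reaches Node.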

Tags: DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2025-67731
GHSA-QGC4-8P88-4W7M

Affected Products

Express
Nginx
Servify-Express