Lucene search
Veracode Vulnerability DatabaseVERACODE:40653HistoryMay 24, 2023 - 3:48 a.m.
Denial Of Services (DoS)
2023-05-2403:48:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
vulnerability
parse server
push notification
payload
crash
0.003 Low
EPSS
Percentile
69.3%
@parse/push-adapter is vulnerable to Denial Of Services (DoS). The vulnerability exists because the library does not properly validate the push notification payload, which allows an attacker to crash the parse server by providing an invalid push notification payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @parse/push-adapter | le | 4.1.2 | |
| parse-server-push-adapter | le | 2.0.2 | |
| @parse/push-adapter | le | 4.1.2 | |
| parse-server-push-adapter | le | 2.0.2 |
References
github.com/advisories/GHSA-mxhg-rvwx-x993
github.com/parse-community/parse-server-push-adapter/commit/598cb84d0866b7c5850ca96af920e8cb5ba243ec
github.com/parse-community/parse-server-push-adapter/pull/217
github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
Related
prion
prion
Design/Logic Flaw
2023-05-27 04:15:00
osv
osv
CVE-2023-32688
2023-05-27 04:15:25
Invalid push request payload crashes Parse Server
2023-05-22 19:50:04
nvd
nvd
CVE-2023-32688
2023-05-27 04:15:25
cve
cve
CVE-2023-32688
2023-05-27 04:15:25
cvelist
cvelist
CVE-2023-32688 Invalid push request payload crashes Parse Server
2023-05-27 03:21:27
github
github
Invalid push request payload crashes Parse Server
2023-05-22 19:50:04