@parse/push-adapter is vulnerable to Denial Of Services (DoS). The vulnerability exists because the library does not properly validate the push notification payload, which allows an attacker to crash the parse server by providing an invalid push notification payload.
CPE | Name | Operator | Version |
---|---|---|---|
@parse/push-adapter | le | 4.1.2 | |
parse-server-push-adapter | le | 2.0.2 | |
@parse/push-adapter | le | 4.1.2 | |
parse-server-push-adapter | le | 2.0.2 |
github.com/advisories/GHSA-mxhg-rvwx-x993
github.com/parse-community/parse-server-push-adapter/commit/598cb84d0866b7c5850ca96af920e8cb5ba243ec
github.com/parse-community/parse-server-push-adapter/pull/217
github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993