Denial Of Service (DoS)

parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions due to user inputs not properly validated which allows an attacker to send a file download request with an invalid byte range causing an application crash...

Parse Server 输入验证错误漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An input validation error vulnerability exists in Parse Server prior to version 4.10.17 and version 5.x prior to version 5.2.8, which stems from a crash upon receiving a file download request...

GHSA-H423-W6QV-2WJ3 parse-server crashes when receiving file download request with invalid byte range

Impact Parse Server crashes when a file download request is received with an invalid byte range. Patches Improved parsing of the range parameter to properly handle invalid range requests. Workarounds None References - GHSA-h423-w6qv-2wj3...

PT-2022-24895 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.17 Parse Server versions prior to 5.2.8 on the 5.x branch Description: The issue occurs when a file download request is received with an invalid byte range, causing the server to crash and resulting in a...