parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions due to user inputs not properly validated which allows an attacker to send a file download request with an invalid byte range causing an application crash.
CPE | Name | Operator | Version |
---|---|---|---|
parse-server | le | 4.10.16 | |
parse-server | le | 5.3.0-alpha.28 | |
parse-server | le | 4.10.16 | |
parse-server | le | 5.3.0-alpha.28 |
github.com/parse-community/parse-server/commit/3d7a61ecd5231638f01ff1a965b6313043c594a7
github.com/parse-community/parse-server/commit/c03908f74e5c9eed834874a89df6c89c1a1e849f
github.com/parse-community/parse-server/pull/8236
github.com/parse-community/parse-server/pull/8238
github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3