Lucene search
Veracode Vulnerability DatabaseVERACODE:37680HistoryOct 25, 2022 - 5:42 a.m.
Denial Of Service (DoS)
2022-10-2505:42:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
parse-server
vulnerability
denial of service
user inputs
file download
invalid byte range
application crash
0.001 Low
EPSS
Percentile
38.4%
parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions due to user inputs not properly validated which allows an attacker to send a file download request with an invalid byte range causing an application crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| parse-server | le | 4.10.16 | |
| parse-server | le | 5.3.0-alpha.28 | |
| parse-server | le | 4.10.16 | |
| parse-server | le | 5.3.0-alpha.28 |
References
github.com/parse-community/parse-server/commit/3d7a61ecd5231638f01ff1a965b6313043c594a7
github.com/parse-community/parse-server/commit/c03908f74e5c9eed834874a89df6c89c1a1e849f
github.com/parse-community/parse-server/pull/8236
github.com/parse-community/parse-server/pull/8238
github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3
Related
osv
osv
BIT-parse-2022-39313
2024-03-06 11:01:42
CVE-2022-39313
2022-10-24 14:15:51
cve
cve
CVE-2022-39313
2022-10-24 14:15:51
github
github
nvd
nvd
CVE-2022-39313
2022-10-24 14:15:51
cvelist
cvelist
prion
prion
Design/Logic Flaw
2022-10-24 14:15:00