Veracode Vulnerability DatabaseVERACODE:40653Denial Of Services (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
50.6%
@parse/push-adapter is vulnerable to Denial Of Services (DoS). The vulnerability exists because the library does not properly validate the push notification payload, which allows an attacker to crash the parse server by providing an invalid push notification payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @parse/push-adapter | le | 4.1.2 | |
| parse-server-push-adapter | le | 2.0.2 | |
| @parse/push-adapter | le | 4.1.2 | |
| parse-server-push-adapter | le | 2.0.2 |
References
github.com/advisories/GHSA-mxhg-rvwx-x993
github.com/parse-community/parse-server-push-adapter/commit/598cb84d0866b7c5850ca96af920e8cb5ba243ec
github.com/parse-community/parse-server-push-adapter/pull/217
github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
50.6%