Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-31089

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue.

CVE
Open in Source
#vulnerability#nodejs#js#git#perl

Invalid file request can crash server

Package

npm parse-server (npm)

Affected versions

(<4.10.12) || (>=5.0.0 <5.2.3)

Patched versions

(>=4.10.12 <5.0.0) || (>=5.2.3)

Description

Impact

Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high.

Patches

To prevent this, invalid requests are now properly handled.

Workarounds

None

References

  • GHSA-xw6g-jjvf-wwf9
  • https://github.com/parse-community/parse-server

For more information

  • For questions or comments about this vulnerability visit our community forum or community chat
  • Report other vulnerabilities at report.parseplatform.org

Related news

GHSA-xw6g-jjvf-wwf9: Invalid file request can crash server

### Impact Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. ### Patches To prevent this, invalid requests are now properly handled. ### Workarounds None ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9 - https://github.com/parse-community/parse-server ### For more information - For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org/) or [community chat](http://chat.parseplatform.org/) - Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org/)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE