Headline
CVE-2023-32688: Invalid push request payload crashes Parse Server
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Skip to content
Sign up
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
* All features
* Documentation
* GitHub Skills
* Blog
For
- Enterprise
- Teams
- Startups
- Education
By Solution
- CI/CD & Automation
- DevOps
- DevSecOps
Case Studies
- Customer Stories
- Resources
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Repositories
* Topics
* Trending
* Collections
Pricing
In this repository All GitHub
No suggested jump to results
In this repository All GitHub
In this organization All GitHub
In this repository All GitHub
Sign in
Sign up
parse-community / parse-server-push-adapter Public
- Notifications
- Fork 90
- Star 78
- Code
- Issues 24
- Pull requests 8
- Actions
- Projects
- Security
- Insights
More
Moderate
mtrezza published GHSA-mxhg-rvwx-x993
May 20, 2023
Package
npm parse-server-push-adapter (npm)
Affected versions
<4.1.3
Patched versions
>=4.1.3
Description
Impact
The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload.
Patches
Invalid push notification payload is caught and an logged.
Workarounds
n/a
References
- GHSA-mxhg-rvwx-x993
- #217
Severity
Moderate
4.9
/ 10
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
High
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE ID
CVE-2023-32688
Weaknesses
No CWEs
Credits
- dblythy Remediation developer
- mtrezza Remediation reviewer