Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-792q-q67h-w579: Parse Server may crash when uploading file without extension

Impact

Parse Server crashes when uploading a file without extension.

Patches

A permanent fix has been implemented to prevent the server from crashing.

Workarounds

There are no known workarounds.

References

  • GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
  • Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1
  • Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6
ghsa
#vulnerability#web#nodejs#git

Skip to content

Sign up

CVE-2023-46119

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog
  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Resources

    • Learning Pathways
    • White papers, Ebooks, Webinars
    • Customer Stories
    • Partners
    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections
  • Pricing

Search code, repositories, users, issues, pull requests…

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches****Use saved searches to filter your results more quickly

Sign in

Sign up

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-46119

Parse Server may crash when uploading file without extension

High severity GitHub Reviewed Published Oct 20, 2023 in parse-community/parse-server • Updated Oct 24, 2023

Vulnerability details Dependabot alerts 0

Package

npm parse-server (npm)

Affected versions

>= 1.0.0, < 5.5.6

>= 6.0.0, < 6.3.1

Patched versions

5.5.6

6.3.1

Description

Impact

Parse Server crashes when uploading a file without extension.

Patches

A permanent fix has been implemented to prevent the server from crashing.

Workarounds

There are no known workarounds.

References

  • GitHub security advisory: GHSA-792q-q67h-w579
  • Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1
  • Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6

References

  • GHSA-792q-q67h-w579
  • parse-community/parse-server@686a9f2
  • parse-community/parse-server@fd86278
  • https://github.com/parse-community/parse-server/releases/tag/5.5.6
  • https://github.com/parse-community/parse-server/releases/tag/6.3.1

mtrezza published to parse-community/parse-server

Oct 20, 2023

Published to the GitHub Advisory Database

Oct 24, 2023

Reviewed

Oct 24, 2023

Last updated

Oct 24, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

No CWEs

CVE ID

CVE-2023-46119

GHSA ID

GHSA-792q-q67h-w579

Source code

parse-community/parse-server

Credits

  • chriscborg Reporter
  • mtrezza Remediation reviewer

Checking history

See something to contribute? Suggest improvements for this vulnerability.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP