Invalid push request payload crashes Parse Server · CVE-2023-32688 · GitHub Advisory Database · GitHub

Invalid push request payload crashes Parse Server

Moderate severity GitHub Reviewed Published May 20, 2023 in parse-community/parse-server-push-adapter • Updated Nov 4, 2023

Package

parse-server-push-adapter (npm)

Affected versions

< 4.1.3

Patched versions

4.1.3

Description

Impact

The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload.

Patches

Invalid push notification payload is caught and an logged.

Workarounds

n/a

References

References

mtrezza published to parse-community/parse-server-push-adapter

May 20, 2023

Published to the GitHub Advisory Database May 22, 2023

Reviewed May 22, 2023

Published by the National Vulnerability Database

May 27, 2023

Last updated Nov 4, 2023

Severity

Moderate

4.9

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H