Skip to content

Invalid file request can crash server

High
mtrezza published GHSA-xw6g-jjvf-wwf9 Jun 17, 2022

Package

npm parse-server (npm)

Affected versions

(<4.10.12) || (>=5.0.0 <5.2.3)

Patched versions

(>=4.10.12 <5.0.0) || (>=5.2.3)

Description

Impact

Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high.

Patches

To prevent this, invalid requests are now properly handled.

Workarounds

None

References

For more information

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2022-31089

Weaknesses

No CWEs

Credits