Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jul 2023, 19:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
Information
Published : 2022-10-24 14:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-39313
Mitre link : CVE-2022-39313
CVE.ORG link : CVE-2022-39313
JSON object : View
Products Affected
parseplatform
- parse-server
CWE
CWE-1284
Improper Validation of Specified Quantity in Input