Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1teGhnLXJ2d3gteDk5M84AAzbC
Invalid push request payload crashes Parse Server
Impact
The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload.
Patches
Invalid push notification payload is caught and logged.
Workarounds
n/a
References
- https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
- https://github.com/parse-community/parse-server-push-adapter/pull/217
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1teGhnLXJ2d3gteDk5M84AAzbC
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 7 months ago
CVSS Score: 4.9
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-mxhg-rvwx-x993, CVE-2023-32688
References:
- https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
- https://github.com/parse-community/parse-server-push-adapter/pull/217
- https://github.com/parse-community/parse-server-push-adapter/commit/598cb84d0866b7c5850ca96af920e8cb5ba243ec
- https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
- https://nvd.nist.gov/vuln/detail/CVE-2023-32688
- https://github.com/advisories/GHSA-mxhg-rvwx-x993
Blast Radius: 8.2
Affected Packages
npm:parse-server-push-adapter
Dependent packages: 40
Dependent repositories: 47
Downloads: 3,932 last month
Affected Version Ranges: < 4.1.3
Fixed in: 4.1.3
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.1.0, 1.2.0, 1.3.0, 2.0.0, 2.0.1, 2.0.2
All unaffected versions: