CVE-2022-31089

HIGH7.5EPSS 0.33%

Invalid file request can crash server

Published: 6/20/2022Modified: 12/6/2023

Also known as:GHSA-xw6g-jjvf-wwf9BIT-parse-2022-31089

Description

### Impact Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. ### Patches To prevent this, invalid requests are now properly handled. ### Workarounds None ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9 - https://github.com/parse-community/parse-server ### For more information - For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org/) or [community chat](http://chat.parseplatform.org/) - Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org/)

Affected packages (2)

Bitnami/parsefrom 0, < 4.10.12, >= 5.0.0, < 5.2.3
npm/parse-serverfrom 0, < 4.10.12

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Affected packages (2)

CVSS scores

References (4)