HIGH 7.5 npm

Parse Server before v3.4.1 vulnerable to Denial of Service

GHSA-2479-qvv7-47qq · CVE-2019-1020012

Description

Impact

If a POST request is made to /parse/classes/_Audience (or another volatile class), any subsequent POST requests result in an internal server error (500).
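
One way to check access logs for the request pattern described above (an added example, not part of the advisory or of Parse Server's code). It assumes common-log-format lines and the `/parse` mount path from the advisory; the function names are hypothetical and the sample lines, including their status codes, are constructed.

```javascript
// Added example: flag POSTs to a volatile class and count the POSTs (and 500s) that follow.
// Assumption: common/combined access-log format. Only _Audience is named by the
// advisory; pass other class names in `classes` if your deployment needs them.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // not an access-log line we understand
  return { ip: m[1], time: m[2], method: m[3], path: m[4].split('?')[0], status: Number(m[5]) };
}

function findVolatileClassPosts(lines, { mount = '/parse', classes = ['_Audience'] } = {}) {
  const prefix = `${mount}/classes/`;
  const findings = [];
  let current = null; // most recent trigger request seen so far
  for (const line of lines) {
    const req = parseLine(line);
    if (!req || req.method !== 'POST') continue; // the advisory concerns POST requests
    const cls = req.path.startsWith(prefix) ? req.path.slice(prefix.length).split('/')[0] : null;
    if (cls && classes.includes(cls)) {
      current = { trigger: req, className: cls, postsAfter: 0, post500sAfter: 0 };
      findings.push(current);
    } else if (current) {
      current.postsAfter += 1;
      if (req.status === 500) current.post500sAfter += 1;
    }
  }
  return findings;
}

// Constructed sample log lines (addresses, timestamps and statuses are illustrative).
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Jan/2019:10:00:00 +0000] "POST /parse/classes/GameScore HTTP/1.1" 201 64',
  '203.0.113.9 - - [01/Jan/2019:10:00:05 +0000] "POST /parse/classes/_Audience HTTP/1.1" 201 64',
  '198.51.100.7 - - [01/Jan/2019:10:00:09 +0000] "GET /parse/classes/GameScore HTTP/1.1" 200 512',
  '198.51.100.7 - - [01/Jan/2019:10:00:12 +0000] "POST /parse/classes/GameScore HTTP/1.1" 500 45',
  '198.51.100.8 - - [01/Jan/2019:10:00:15 +0000] "POST /parse/functions/hello HTTP/1.1" 500 45',
];

for (const f of findVolatileClassPosts(SAMPLE_LOG)) {
  console.log(`${f.trigger.time} ${f.trigger.ip} POST to ${f.className}: ` +
    `${f.post500sAfter}/${f.postsAfter} later POSTs returned 500`);
}
```

A finding where every later POST returned 500 matches the impact described here and points to an installation that needs both the patch and the database cleanup.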

Patches

Yes, patched in 3.4.1.

Afflicted installations will also have to remove the offending collection from their database.

Workarounds

Yes, users can apply this commit: https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5

References

Nothing other than this advisory at this time

For more information

If you have any questions or comments about this advisory:
