HIGH 7.5 npm
parse-server crashes when receiving file download request with invalid byte range
GHSA-h423-w6qv-2wj3 · BIT-parse-2022-39313 · CVE-2022-39313
Description
Impact
Parse Server crashes when a file download request is received with an invalid byte range.
Patches
Improved parsing of the range parameter to properly handle invalid range requests.
Workarounds
None
References
- WEB https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-39313
- WEB https://github.com/parse-community/parse-server/commit/066f29673ab4030b6b5b90c0c0326f7d3fe7612a
- WEB https://github.com/parse-community/parse-server/commit/3d7a61ecd5231638f01ff1a965b6313043c594a7
- PACKAGE https://github.com/parse-community/parse-server
- WEB https://github.com/parse-community/parse-server/releases/tag/4.10.17