HIGH 7.5 npm
Parse Server may crash when uploading file without extension
GHSA-792q-q67h-w579 · BIT-parse-2023-46119 · CVE-2023-46119
Published · Modified
Description
Impact
Parse Server crashes when uploading a file without extension.
Patches
A permanent fix has been implemented to prevent the server from crashing.
Workarounds
There are no known workarounds.
References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
- Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1
- Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6
References
- WEB https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-46119
- WEB https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
- WEB https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
- PACKAGE https://github.com/parse-community/parse-server
- WEB https://github.com/parse-community/parse-server/releases/tag/5.5.6
- WEB https://github.com/parse-community/parse-server/releases/tag/6.3.1
Ready to move
Start Securing
Free, no credit card | First findings in minutes