Описание
Parse Server before v3.4.1 vulnerable to Denial of Service
Impact
If a POST request is made to /parse/classes/_Audience (or other volatile class), any subsuquent POST requests result in an internal server error (500).
Patches
Afflicted installations will also have to remove the offending collection from their database.
Yes, patched in 3.4.1
Workarounds
Yes, user can apply: https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5
References
Nothing other than this advisory at this time
For more information
If you have any questions or comments about this advisory:
- Open an issue in parse-server
- Email us at security@parseplatform.org
Пакеты
Наименование
parse-server
npm
Затронутые версииВерсия исправления
< 3.4.1
3.4.1
Связанные уязвимости
CVSS3: 7.5
nvd
около 6 лет назад
parse-server before 3.4.1 allows DoS after any POST to a volatile class.