GHSA-qf8x-vqjv-92gr

Published: 04 May 2022
Source: github
Github: Reviewed
CVSS3: 7.5

Description

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter

Impact

Weak validation of the Apple certificate URL in the Apple Game Center authentication adapter allows authentication to be bypassed and makes the server vulnerable to DoS attacks.

Patches

The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Packages

Name: parse-server (npm)
Affected versions: < 4.10.10
Fixed version: 4.10.10

Name: parse-server (npm)
Affected versions: >= 5.0.0, < 5.2.1
Fixed version: 5.2.1

EPSS

Percentile: 36%
0.0015
Low

CVSS3: 7.5 High

Weaknesses

CWE-287
CWE-295

Related vulnerabilities

CVSS3: 7.5
nvd
almost 4 years ago

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
