Описание
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Ссылки
- Patch
- Release Notes
- https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993PatchVendor Advisory
- Patch
- Release Notes
- https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.3 (исключая)
cpe:2.3:a:parseplatform:parse_server_push_adapter:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 36%
0.00152
Низкий
4.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 4.9
github
больше 2 лет назад
Invalid push request payload crashes Parse Server
EPSS
Процентиль: 36%
0.00152
Низкий
4.9 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-20
CWE-20