CVE-2022-39313

EPSS 0.69%
Veröffentlicht 24.10.2022 14:15:51
Zuletzt bearbeitet 21.11.2024 07:18:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Parse Server crashes when receiving file download request with invalid byte range

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Parseplatform ≫ Parse-server SwPlatformnode.js Version < 4.10.17

Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 5.0.0 < 5.2.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.69%	0.478

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-39313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-39313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-39313

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-39313