7.5
CVE-2026-32770
- EPSS 0.04%
- Veröffentlicht 18.03.2026 21:37:36
- Zuletzt bearbeitet 19.03.2026 17:32:00
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.19 and 8.6.43, a remote attacker can crash the Parse Server by subscribing to a LiveQuery with an invalid regular expression pattern. The server process terminates when the invalid pattern reaches the regex engine during subscription matching, causing denial of service for all connected clients. The fix in 9.6.0-alpha.19 and 8.6.43 validates regular expression patterns at subscription time, rejecting invalid patterns before they are stored. Additionally, a defense-in-depth try-catch prevents any subscription matching error from crashing the server process. As a workaround, disable LiveQuery if it is not needed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.43
Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.6.0
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha10 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha11 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha12 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha13 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha14 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha15 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha16 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha17 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha18 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.109 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-248 Uncaught Exception
An exception is thrown from a function, but it is not caught.