Unchecked Return Value

CVE-2022-31089

High

7.5/10

Summary

In the NPM package parse-server, certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. Affected versions are before 4.10.12, 5.0.x before 5.2.3, and 5.3.x before 5.3.0-alpha.19.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-252 - Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

Advisory
Pull request
Release Note

Advisory Timeline

Published Jun 27, 2022

Unchecked Return Value

CVE-2022-31089

Summary

CWE-252 - Unchecked Return Value

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS