Improper Input Validation
CVE-2022-39313
Summary
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, 5.0.x prior to 5.2.8, and 5.3.x prior to 5.3.0-alpha.29 crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. There are no known workarounds.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
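The kind of check whose absence the summary describes, validating a requested byte range against the file size before any read is attempted, is shown below as an added JavaScript example. It is not Parse Server's code or its patch; the function name `resolveByteRange`, the 64-character header limit and the sample headers are assumptions made for illustration.

```javascript
'use strict';

// Validate a single-range HTTP Range header against the stored file size.
// Returns { status: 200 }              -> ignore the header, send the whole file
//         { status: 206, start, end }  -> inclusive offsets, safe to hand to a stream
//         { status: 416 }              -> reject; nothing reaches the storage layer
function resolveByteRange(header, size) {
  if (!Number.isSafeInteger(size) || size < 0) throw new TypeError('bad size');
  if (header === undefined || header === null || header === '') return { status: 200 };
  if (typeof header !== 'string' || header.length > 64) return { status: 416 };
  if (header.includes(',')) return { status: 200 }; // multi-range: not supported here
  // At most 15 digits per bound keeps Number() inside the safe-integer range.
  const m = /^bytes=(\d{0,15})-(\d{0,15})$/.exec(header.trim());
  if (!m || (m[1] === '' && m[2] === '')) return { status: 416 };
  let start;
  let end;
  if (m[1] === '') {
    // Suffix form "bytes=-N": the last N bytes of the file.
    const n = Number(m[2]);
    if (n === 0 || size === 0) return { status: 416 };
    start = Math.max(size - n, 0);
    end = size - 1;
  } else {
    start = Number(m[1]);
    // An open or oversized end is clamped to the last byte.
    end = m[2] === '' ? size - 1 : Math.min(Number(m[2]), size - 1);
  }
  // Start past end of file, reversed bounds, or empty file: unsatisfiable.
  if (start >= size || end < start) return { status: 416 };
  return { status: 206, start, end };
}

// Constructed sample headers, checked against a 10-byte file.
const SAMPLE_HEADERS = ['bytes=0-3', 'bytes=-3', 'bytes=5-2', 'bytes=100-200', 'bytes=x-y'];

function demo() {
  return SAMPLE_HEADERS.map((h) => resolveByteRange(h, 10).status);
}

console.log(demo());
```

A handler would call this before opening the file and answer 416 with a `Content-Range: bytes */<size>` header when the range is rejected.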
Advisory Timeline
- Published