PT-2022-20517 · Unknown · Parse Server

Mtrezza · Published 2022-06-20 · Updated 2024-03-06 · CVE-2022-31089

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Parse Server versions prior to 4.10.12
Parse Server versions prior to 5.2.3

Description

The issue arises from the improper handling of certain types of invalid file requests, which can cause the server to crash. The availability impact may be low if multiple Parse Server instances are running in a cluster, but it may be high if Parse Server is running as a single instance without redundancy.

Recommendations

For versions prior to 4.10.12, upgrade to version 4.10.12 or later. For versions prior to 5.2.3, upgrade to version 5.2.3 or later. As there are no known workarounds for this issue, upgrading to the specified versions is the recommended course of action.

Exploit

Fix

Weakness Enumeration

Unchecked Return Value

Related Identifiers

BIT-PARSE-2022-31089
CVE-2022-31089
GHSA-XW6G-JJVF-WWF9

Affected Products

Parse Server