PT-2023-23963 · Unknown · Parse-Server-Push-Adapter

Mtrezza · Published 2023-05-22 · Updated 2023-06-02 · CVE-2023-32688

CVSS v3.1

4.9 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

parse-server-push-adapter versions prior to 4.1.3

Description

The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload.

Recommendations

For versions prior to 4.1.3, update to version 4.1.3 to resolve the issue. As a temporary workaround, consider implementing input validation to prevent invalid push notification payloads from crashing the server.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-32688
GHSA-MXHG-RVWX-X993

Affected Products

Parse-Server-Push-Adapter