BIT-parse-2022-24901

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/parse/BIT-parse-2022-24901.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-parse-2022-24901

Aliases

Published

2024-03-06T11:02:56.971Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Database specific

{
    "cpes": [
        "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*"
    ],
    "severity": "High"
}

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr

Affected packages

Bitnami / parse

Package

Name: parse
Purl: pkg:bitnami/parse

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.10

Introduced

5.0.0

Fixed

5.2.1