BIT-parse-2022-39313

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/parse/BIT-parse-2022-39313.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-parse-2022-39313

Aliases

Published

2024-03-06T11:01:42.508Z

Modified

2025-05-20T10:02:07.006Z

Summary

Parse Server crashes when receiving file download request with invalid byte range

Details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*"
    ]
}

References

Affected packages

Bitnami / parse

Package

Name: parse
Purl: pkg:bitnami/parse

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.17

Introduced

5.0.0

Fixed

5.2.8