Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, certain types of invalid file requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parseplatform | Parse-Server | < 4.10.12 |
Related Weaknesses (CWE)
References
- https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae8 (Patch, Third Party Advisory)
- https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jj (Third Party Advisory)
FAQ
What is CVE-2022-31089?
CVE-2022-31089 is a vulnerability with a CVSS score of 7.5 (HIGH). Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, certain types of invalid file requests are not handled properly and can cr...
How severe is CVE-2022-31089?
CVE-2022-31089 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-31089?
Check the references section above for vendor advisories and patch information. Affected products include: Parseplatform Parse-Server.