Vulnerability Details : CVE-2023-32688
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Vulnerability category: Input validation
Products affected by CVE-2023-32688
- cpe:2.3:a:parseplatform:parse_server_push_adapter:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-32688
- EPSS score: 0.29% (probability of exploitation activity in the next 30 days)
- Percentile: ~69% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-32688
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H | 1.2 | 3.6 | GitHub, Inc. | |
CWE ids for CVE-2023-32688
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
References for CVE-2023-32688
- https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
  Invalid push request payload crashes Parse Server · Advisory · parse-community/parse-server-push-adapter · GitHub (Patch; Vendor Advisory)
- https://github.com/parse-community/parse-server-push-adapter/pull/217
  fix: Validate push notification payload by mtrezza · Pull Request #217 · parse-community/parse-server-push-adapter · GitHub (Patch)
- https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
  Release 4.1.3 · parse-community/parse-server-push-adapter · GitHub (Release Notes)