CVE-2023-32688
Summary
| CVE | CVE-2023-32688 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-27 04:15:00 UTC |
| Updated | 2023-06-02 18:58:00 UTC |
| Description | parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Parseplatform | Parse Server Push Adapter | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Invalid push request payload crashes Parse Server · Advisory · parse-community/parse-server-push-adapter · GitHub | MISC | github.com | |
| Release 4.1.3 · parse-community/parse-server-push-adapter · GitHub | MISC | github.com | |
| fix: Validate push notification payload by mtrezza · Pull Request #217 · parse-community/parse-server-push-adapter · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.