{"api_version":"1","generated_at":"2026-04-22T21:39:50+00:00","cve":"CVE-2023-32688","urls":{"html":"https://cve.report/CVE-2023-32688","api":"https://cve.report/api/cve/CVE-2023-32688.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-32688","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-32688"},"summary":{"title":"CVE-2023-32688","description":"parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-05-27 04:15:00","updated_at":"2023-06-02 18:58:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993","name":"https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993","refsource":"MISC","tags":[],"title":"Invalid push request payload crashes Parse Server · Advisory · parse-community/parse-server-push-adapter · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3","name":"https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3","refsource":"MISC","tags":[],"title":"Release 4.1.3 · parse-community/parse-server-push-adapter · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/parse-community/parse-server-push-adapter/pull/217","name":"https://github.com/parse-community/parse-server-push-adapter/pull/217","refsource":"MISC","tags":[],"title":"fix: Validate push notification payload by mtrezza · Pull Request #217 · parse-community/parse-server-push-adapter · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-32688","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32688","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"32688","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"parseplatform","cpe5":"parse_server_push_adapter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"node.js","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-32688","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20: Improper Input Validation","cweId":"CWE-20"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"parse-community","product":{"product_data":[{"product_name":"parse-server-push-adapter","version":{"version_data":[{"version_affected":"=","version_value":"< 4.1.3"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993","refsource":"MISC","name":"https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993"},{"url":"https://github.com/parse-community/parse-server-push-adapter/pull/217","refsource":"MISC","name":"https://github.com/parse-community/parse-server-push-adapter/pull/217"},{"url":"https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3","refsource":"MISC","name":"https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3"}]},"source":{"advisory":"GHSA-mxhg-rvwx-x993","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-05-27 04:15:00","lastModifiedDate":"2023-06-02 18:58:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:parseplatform:parse_server_push_adapter:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.1.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}