GHSA-2479-qvv7-47qq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2479-qvv7-47qq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/06/GHSA-2479-qvv7-47qq/GHSA-2479-qvv7-47qq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2479-qvv7-47qq
- Aliases
- Related
- Published
- 2019-06-13T16:22:13Z
- Modified
- 2026-02-04T04:13:55.724249Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Parse Server before v3.4.1 vulnerable to Denial of Service
- Details
-
Impact
If a POST request is made to /parse/classes/_Audience (or other volatile class), any subsuquent POST requests result in an internal server error (500).
Patches
Afflicted installations will also have to remove the offending collection from their database.
Yes, patched in 3.4.1
Workarounds
Yes, user can apply: https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5
References
Nothing other than this advisory at this time
For more information
If you have any questions or comments about this advisory: * Open an issue in parse-server * Email us at security@parseplatform.org
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-444" ], "github_reviewed_at": "2020-06-16T20:51:19Z", "severity": "HIGH", "github_reviewed": true }- References
-
- https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq
- https://nvd.nist.gov/vuln/detail/CVE-2019-1020012
- https://github.com/advisories/GHSA-2479-qvv7-47qq
- https://github.com/parse-community/parse-server
- https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635
- https://www.npmjs.com/advisories/1113
Affected packages
npm / parse-server
Package
- Name
- parse-server
- View open source insights on deps.dev
- Purl
- pkg:npm/parse-server