Description
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Remediation
References
https://github.com/parse-community/parse-server-push-adapter/pull/217
https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
Related Vulnerabilities
CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver
CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-commons
CVE-2022-21681 Vulnerability in npm package marked
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap