Description

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.

Remediation

References

https://github.com/parse-community/parse-server-push-adapter/pull/217

https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3

https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993

Related Vulnerabilities

CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver

CVE-2021-4040 Vulnerability in maven package org.apache.activemq:artemis-commons

CVE-2022-21681 Vulnerability in npm package marked

CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Patch Release Notes Vendor Advisory