Description
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Remediation
References
https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
https://github.com/parse-community/parse-server-push-adapter/pull/217
https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
Related Vulnerabilities
CVE-2021-21307 Vulnerability in maven package org.lucee:lucee
CVE-2021-23518 Vulnerability in npm package cached-path-relative
CVE-2011-1475 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-8137 Vulnerability in maven package org.webjars.npm:uppy
CVE-2017-7658 Vulnerability in maven package org.eclipse.jetty:jetty-server