{ "schema_version": "1.4.0", "id": "GHSA-2479-qvv7-47qq", "modified": "2022-09-13T22:16:02Z", "published": "2019-06-13T16:22:13Z", "aliases": [ "CVE-2019-1020012" ], "summary": "Parse Server before v3.4.1 vulnerable to Denial of Service", "details": "### Impact\n\nIf a POST request is made to /parse/classes/_Audience (or other volatile class), any subsuquent POST requests result in an internal server error (500).\n\n\n### Patches\nAfflicted installations will also have to remove the offending collection from their database.\n\nYes, patched in 3.4.1\n\n### Workarounds\n\nYes, user can apply: https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5\n\n### References\nNothing other than this advisory at this time\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [parse-server](https://github.com/parse-community/parse-server)\n* Email us at [security@parseplatform.org](mailto:security@parseplatform.org)\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "parse-server" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.4.1" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1020012" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-2479-qvv7-47qq" }, { "type": "PACKAGE", "url": "https://github.com/parse-community/parse-server" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JS-PARSESERVER-455635" }, { "type": "WEB", "url": "https://www.npmjs.com/advisories/1113" } ], "database_specific": { "cwe_ids": [ "CWE-444" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:51:19Z", "nvd_published_at": null } }