CVE-2023-32688 MEDIUM

CVE-2023-32688: Invalid push request payload crashes Parse Server

Vendor Parse-Community
Product parse-server-push-adapter
Weakness CWE-20 · Input validation
Published May 27, 2023
Last update January 14, 2025

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.

Key dates

02Disclosure timeline

May 27, 2023 CVE published
January 14, 2025 Record updated