CVE-2023-46119 HIGH

CVE-2023-46119: Parse Server may crash when uploading file without extension

Vendor Parse-Community

Product parse-server

Weakness CWE-23

Published October 25, 2023

Last update September 10, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.

Key dates

02Disclosure timeline

October 25, 2023 CVE published

September 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-46119

Related vulnerabilities

Identifiers

CVE CVE-2023-46119

CWE CWE-23

CVSS 7.5 / HIGH

Affected versions

Vendor Parse-Community

Product parse-server

Affected >= 1.0.0, < 5.5.6

Vendor Parse-Community

Product parse-server

Affected >= 6.0.0, < 6.3.1

CVE-2023-46119: Parse Server may crash when uploading file without extension

01Description

02Disclosure timeline

03References

04Related CVE