{ "id": "CVE-2023-46119", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T18:17:36.183", "lastModified": "2023-11-01T17:09:01.520", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when a file without an extension is uploaded. This vulnerability has been patched in versions 5.5.6 and 6.3.1." }, { "lang": "es", "value": "Parse Server es un backend de c\u00f3digo abierto que se puede implementar en cualquier infraestructura que pueda ejecutar Node.js. Parse Server falla al cargar un archivo sin extensi\u00f3n. Esta vulnerabilidad ha sido parcheada en las versiones 5.5.6 y 6.3.1." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] }, { "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-23" } ] } ], 
"configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "5.5.6", "matchCriteriaId": "DD729BE7-3FF0-420D-BB40-5CC4D7AAA89A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*", "versionStartIncluding": "6.0.0", "versionEndExcluding": "6.3.1", "matchCriteriaId": "E2229024-7226-4410-85D7-80CDA49F303B" } ] } ] } ], "references": [ { "url": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe", "source": "security-advisories@github.com", "tags": [ "Patch" ] }, { "url": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0", "source": "security-advisories@github.com", "tags": [ "Patch" ] }, { "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.6", "source": "security-advisories@github.com", "tags": [ "Release Notes" ] }, { "url": "https://github.com/parse-community/parse-server/releases/tag/6.3.1", "source": "security-advisories@github.com", "tags": [ "Release Notes" ] }, { "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579", "source": "security-advisories@github.com", "tags": [ "Vendor Advisory" ] } ] }