Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
Vulnerability Description
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
证书验证不恰当
Vulnerability Title
parse-community parse-server 信任管理问题漏洞
Vulnerability Description
parse-server是一款开源的Backend-as-a-Service(BaaS)框架,它主要用于应用程序后端处理。 parse-community parse-server存在安全漏洞,该漏洞源于身份验证适配器对于Apple证书URL不正确验证。攻击者利用该漏洞可以绕过身份验证向服务器发起拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A