Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Parse Server crashes when receiving file download request with invalid byte range
Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
CWE-1284
Vulnerability Title
Parse Server 输入验证错误漏洞
Vulnerability Description
Parse Server是一个开源后端,可以部署到任何可以运行 Node.js 的基础设施。 Parse Server 4.10.17版本之前及 5.2.8 版本之前的 5.x 版本存在输入验证错误漏洞,该漏洞源于收到包含无效字节范围的文件下载请求时会崩溃,从而导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A