CVE-2023-46119

Summary

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.

Affected Software

VendorProductVersion RangeStatus
parse-communityparse-server>= 1.0.0, < 5.5.6affected
parse-communityparse-server>= 6.0.0, < 6.3.1affected

Weaknesses

  • CWE-23: CWE-23: Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References