Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-24901 Vulnerability in npm package parse-server

Description

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Remediation

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr

Related Vulnerabilities

CVE-2019-10172 Vulnerability in maven package org.codehaus.jackson:jackson-mapper-asl

CVE-2023-29199 Vulnerability in npm package vm2

CVE-2021-36374 Vulnerability in maven package org.apache.ant:ant

CVE-2019-16777 Vulnerability in npm package npm

CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Issue Tracking Third Party Advisory