Description
Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
Remediation
References
https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr
Related Vulnerabilities
CVE-2016-10750 Vulnerability in maven package com.hazelcast:hazelcast-spring
CVE-2020-28278 Vulnerability in maven package org.webjars.npm:shvl
CVE-2022-24815 Vulnerability in npm package generator-jhipster
CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2015-0279 Vulnerability in maven package org.richfaces:richfaces-a4j