Description
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.
Remediation
References
https://github.com/parse-community/parse-server-push-adapter/pull/217
https://github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
Related Vulnerabilities
CVE-2023-40337 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder
CVE-2018-3719 Vulnerability in maven package org.webjars.npm:mixin-deep
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2023-28155 Vulnerability in maven package org.webjars.npm:request
CVE-2023-26473 Vulnerability in maven package org.xwiki.platform:xwiki-platform-query-manager