CVE-2023-32688: Improper Input Validation

May 27, 2023 (updated June 2, 2023)

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.

References

github.com/parse-community/parse-server-push-adapter/pull/217
github.com/parse-community/parse-server-push-adapter/releases/tag/4.1.3
github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993
nvd.nist.gov/vuln/detail/CVE-2023-32688

Code Behaviors & Features

Detect and mitigate CVE-2023-32688 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →