CVE-2023-46119: Parse Server may crash when uploading file without extension
(updated )
Impact
Parse Server crashes when uploading a file without extension.
Patches
A permanent fix has been implemented to prevent the server from crashing.
Workarounds
There are no known workarounds.
References
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
- Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1
- Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6
References
- github.com/advisories/GHSA-792q-q67h-w579
- github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
- github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
- github.com/parse-community/parse-server/releases/tag/5.5.6
- github.com/parse-community/parse-server/releases/tag/6.3.1
- github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
Code Behaviors & Features
Detect and mitigate CVE-2023-46119 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →