What is CVE-2022-31089?

CVE-2022-31089 is a high-severity vulnerability in Parse-community Parse-server, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.5/10. Published 2022-06-27.

How severe is CVE-2022-31089?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Parse-community Parse-server

CVE-2022-31089

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running mult…

EPSS: 0.003 (56.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Parse-community Parse-server — versions < 4.10.12, >=5.0.0, < 5.2.3

Weakness classification (CWE)

References

github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9 (x_refsource_CONFIRM)
github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31089?: CVE-2022-31089 is a high-severity vulnerability in Parse-community Parse-server, classified under Use of Incorrectly-Resolved Name or Reference. CVSS score: 7.5/10. Published 2022-06-27.
How severe is CVE-2022-31089?: High severity. CVSS v3 base score is 7.5 out of 10.