CVE-2022-39313

HIGH

Parseplatform Parse-server < 4.10.17 - Denial of Service

Title source: rule

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.

References (1)

[Third Party Advisory] https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 56.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-1284

Status published

Products (2)

npm/parse-server 0 - 4.10.17npm

parseplatform/parse-server < 4.10.17

Published Oct 24, 2022

Tracked Since Feb 18, 2026