HIGH 7.5

GHSA-792q-q67h-w579

Parse Server may crash when uploading file without extension

Details

### Impact

Parse Server crashes when uploading a file without extension.

### Patches

A permanent fix has been implemented to prevent the server from crashing.

### Workarounds

There are no known workarounds.

### References

- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579 - Patched in Parse Server 6: https://github.com/parse-community/parse-server/releases/tag/6.3.1 - Patched in Parse Server 5 (LTS): https://github.com/parse-community/parse-server/releases/tag/5.5.6

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / parse-server

Introduced in: 1.0.0 Fixed in: 5.5.6

Fix npm install parse-server@5.5.6

npm / parse-server

Introduced in: 6.0.0 Fixed in: 6.3.1

Fix npm install parse-server@6.3.1

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579 [WEB]
https://nvd.nist.gov/vuln/detail/CVE-2023-46119 [ADVISORY]
https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe [WEB]
https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0 [WEB]
https://github.com/parse-community/parse-server [PACKAGE]
https://github.com/parse-community/parse-server/releases/tag/5.5.6 [WEB]
https://github.com/parse-community/parse-server/releases/tag/6.3.1 [WEB]