Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the `clientSDK` parameter in the request-header parser. An attacker can exhaust CPU resources on a worker node by submitting an excessively long value for `x-parse-client-version`, causing eponential regex backtracking. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `parse-server` to version 8.6.77, 9.9.1-alpha.1 or higher.	<8.6.77>=9.0.0 <9.9.1-alpha.1

Regular Expression Denial of Service (ReDoS)

parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the clientSDK parameter in the request-header parser. An attacker can exhaust CPU resources on a worker node by submitting an excessively long value for x-parse-client-version, causing eponential regex backtracking.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade parse-server to version 8.6.77, 9.9.1-alpha.1 or higher.

<8.6.77>=9.0.0 <9.9.1-alpha.1

Go back to all versions of this package