Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-qf8x-vqjv-92gr

GitHub Security Advisory

Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
Weak validation of the Apple certificate URL in the Apple Game Center authentication adapter allows to bypass authentication and makes the server vulnerable to DoS attacks.

### Patches
The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Affected Packages

npm parse-server
Affected versions: 0 (fixed in 4.10.10)
npm parse-server
Affected versions: 5.0.0 (fixed in 5.2.1)

Related CVEs

CVE-2022-24901

Key Information

GHSA ID
GHSA-qf8x-vqjv-92gr
Published
May 4, 2022 6:59 PM
Last Modified
June 2, 2022 5:39 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
parse-server
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 9, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.