Vulnerability Database

301,027

Total vulnerabilities in the database

CVE-2022-24901

Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.

Published: May 4, 2022
Updated: May 9, 2024
CVE: CVE-2022-24901
GHSA: GHSA-qf8x-vqjv-92gr
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

OWASP TOP 10:

Affected Software
References

Software	From	Fixed in
parseplatform / parse-server	5.0.0	5.2.1
parseplatform / parse-server	-	4.10.10
parse-server	-	4.10.10
parse-server	5.0.0	5.2.1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo