Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bdwe-y1sa-6kbu
Vulnerability ID VCID-bdwe-y1sa-6kbu
Aliases CVE-2023-46119
GHSA-792q-q67h-w579
Summary Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-23 Relative Path Traversal
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0057 https://api.first.org/data/v1/epss?cve=CVE-2023-46119
epss 0.0057 https://api.first.org/data/v1/epss?cve=CVE-2023-46119
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-792q-q67h-w579
cvssv3.1 7.5 https://github.com/parse-community/parse-server
generic_textual HIGH https://github.com/parse-community/parse-server
cvssv3.1 7.5 https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
generic_textual HIGH https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
ssvc Track https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
cvssv3.1 7.5 https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
generic_textual HIGH https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
ssvc Track https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
cvssv3.1 7.5 https://github.com/parse-community/parse-server/releases/tag/5.5.6
generic_textual HIGH https://github.com/parse-community/parse-server/releases/tag/5.5.6
ssvc Track https://github.com/parse-community/parse-server/releases/tag/5.5.6
cvssv3.1 7.5 https://github.com/parse-community/parse-server/releases/tag/6.3.1
generic_textual HIGH https://github.com/parse-community/parse-server/releases/tag/6.3.1
ssvc Track https://github.com/parse-community/parse-server/releases/tag/6.3.1
cvssv3.1 7.5 https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
cvssv3.1_qr HIGH https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
generic_textual HIGH https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
ssvc Track https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-46119
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-46119
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-46119
https://github.com/parse-community/parse-server
https://nvd.nist.gov/vuln/detail/CVE-2023-46119
5.5.6 https://github.com/parse-community/parse-server/releases/tag/5.5.6
6.3.1 https://github.com/parse-community/parse-server/releases/tag/6.3.1
686a9f282dc23c31beab3d93e6d21ccd0e1328fe https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
fd86278919556d3682e7e2c856dfccd5beffbfc0 https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
GHSA-792q-q67h-w579 https://github.com/advisories/GHSA-792q-q67h-w579
GHSA-792q-q67h-w579 https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/ Found at https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/ Found at https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/releases/tag/5.5.6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/ Found at https://github.com/parse-community/parse-server/releases/tag/5.5.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/releases/tag/6.3.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/ Found at https://github.com/parse-community/parse-server/releases/tag/6.3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-10T15:28:20Z/ Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-46119
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.69064
EPSS Score 0.0057
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:21:18.608564+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2023/46xxx/CVE-2023-46119.json 38.6.0