Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-k91x-3e4k-8bef
Vulnerability ID VCID-k91x-3e4k-8bef
Aliases CVE-2022-31089
GHSA-xw6g-jjvf-wwf9
GMS-2022-2518
Summary Invalid file request can crash server ### Impact Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact may be high. ### Patches To prevent this, invalid requests are now properly handled. ### Workarounds None ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9 - https://github.com/parse-community/parse-server ### For more information - For questions or comments about this vulnerability visit our [community forum](http://community.parseplatform.org/) or [community chat](http://chat.parseplatform.org/) - Report other vulnerabilities at [report.parseplatform.org](https://report.parseplatform.org/)
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-252 Unchecked Return Value
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-706 Use of Incorrectly-Resolved Name or Reference
System Score Found at
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-31089
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-31089
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-31089
epss 0.00334 https://api.first.org/data/v1/epss?cve=CVE-2022-31089
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-xw6g-jjvf-wwf9
cvssv3.1 7.5 https://github.com/parse-community/parse-server
generic_textual HIGH https://github.com/parse-community/parse-server
cvssv3.1 7.5 https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
generic_textual HIGH https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
ssvc Track https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
cvssv3.1 7.5 https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
cvssv3.1_qr HIGH https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
generic_textual HIGH https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
ssvc Track https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-31089
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-31089
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-31089
https://github.com/parse-community/parse-server
https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
https://nvd.nist.gov/vuln/detail/CVE-2022-31089
GHSA-xw6g-jjvf-wwf9 https://github.com/advisories/GHSA-xw6g-jjvf-wwf9
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:53Z/ Found at https://github.com/parse-community/parse-server/commit/5be375dec2fa35425c1003ae81c55995ac72af92
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:53Z/ Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-31089
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.5655
EPSS Score 0.00334
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:53:18.942202+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-xw6g-jjvf-wwf9/GHSA-xw6g-jjvf-wwf9.json 38.6.0