Lucene search

parse-server new anonymous user session acts as if it's created with password

🗓️ 23 Aug 2021 19:52:41Reported by GitHub Advisory DatabaseType

parse-server session creation issue with anonymous user logi

Reporter	Title	Published	Views	Family All 7
Prion	Design/Logic Flaw	19 Aug 202116:15	–	prion
Cvelist	CVE-2021-39138 New anonymous user session acts as if it's created with password	18 Aug 202121:40	–	cvelist
NVD	CVE-2021-39138	19 Aug 202116:15	–	nvd
OSV	BIT-parse-2021-39138	6 Mar 202411:03	–	osv
OSV	parse-server new anonymous user session acts as if it's created with password	23 Aug 202119:41	–	osv
Veracode	Privilege Escalation	20 Aug 202102:20	–	veracode
CVE	CVE-2021-39138	19 Aug 202116:15	–	cve

Vulners

Node

parseplatform parse\-serverRange<4.5.2

Source	Link
github	www.github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-39138
github	www.github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db
github	www.github.com/parse-community/parse-server/releases/tag/4.5.2
github	www.github.com/advisories/GHSA-23r4-5mxp-c7g5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Aug 2021 19:41Current

6.3Medium risk

Vulners AI Score6.3

CVSS26.4

CVSS34.8 - 6.5

EPSS0.001