Lucene search
PRIOn knowledge basePRION:CVE-2022-41879HistoryNov 10, 2022 - 9:15 p.m.
Design/Logic Flaw
2022-11-1021:15:00
PRIOn knowledge base
www.prio-n.com
3
parse server
prototype pollution
vulnerability
versions
bypass
requestkeyworddenylist
patch
nvd
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds.
| CPE | Name | Operator | Version |
|---|---|---|---|
| parse-server | lt | 4.10.20 | |
| parse-server | ge | 5.0.0 | |
| parse-server | lt | 5.3.3 |
Related
osv
osv
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
2022-11-10 13:02:35
CVE-2022-41879
2022-11-10 21:15:11
BIT-parse-2022-41879
2024-03-06 11:01:14
github
github
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
2022-11-10 13:02:35
cve
cve
CVE-2022-41879
2022-11-10 21:15:11
veracode
veracode
Prototype Pollution
2022-11-16 10:08:30
nvd
nvd
CVE-2022-41879
2022-11-10 21:15:11
cvelist
cvelist
zdi
zdi