Lucene search
K

5 matches found

OSV
OSV
added 2026/06/16 12:40 p.m.5 views

BIT-PARSE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as Express...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 7:16 p.m.16 views

CVE-2026-50008

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...

6.9CVSS0.00342EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:22 p.m.10 views

CVE-2026-50008 Parse Server: Server option routeAllowList is bypassable through batch sub-requests

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-alpha.3, the routeAllowList server option restricts external client access to a configured list of REST API routes. The check is only enforced as...

6.9CVSS5.3AI score0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:22 p.m.25 views

CVE-2026-50008

Parse Server (versions 9.8.0–before 9.9.1-alpha.3) is affected by a bypass in the routeAllowList option. The allow-list check is enforced as Express middleware against the outer HTTP request URL, but the /batch handler dispatches sub-requests to the internal router without re-running the allow-li...

6.9CVSS5.2AI score0.00342EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48955

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.8.0 through 9.9.1-alpha.3 Description The routeAllowList server option is intended to restrict external client access to a specific list of REST API routes. However, the check is only enforced as Express middleware...

6.9CVSS5.2AI score0.00342EPSS
Exploits0References4
Rows per page
Query Builder