Lucene search
K

10 matches found

OSV
OSV
added 2026/03/27 7:14 a.m.2 views

BIT-PARSE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References6
NVD
NVD
added 2026/03/24 7:16 p.m.5 views

CVE-2026-33538

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS0.00406EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/24 7:11 p.m.7 views

Parse Server: Denial of Service via unindexed database query for unconfigured auth providers

Impact An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/24 7:11 p.m.16 views

GHSA-G4CF-XJ29-WQQR Parse Server: Denial of Service via unindexed database query for unconfigured auth providers

Impact An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/24 6:24 p.m.5 views

CVE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5
CVE
CVE
added 2026/03/24 6:24 p.m.10 views

CVE-2026-33538

Parse Server v8.6.58 and v9.6.0-alpha.52 patch CVE-2026-33538, which allowed unauthenticated attackers to trigger DoS by sending auth requests for unconfigured providers. The server queries the user database for each unconfigured provider, and without an index on unconfigured providers this cause...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/24 6:24 p.m.20 views

CVE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS0.00406EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:24 p.m.5 views

CVE-2026-33538

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/24 6:24 p.m.8 views

CVE-2026-33538 Parse Server: Denial of service via unindexed database query for unconfigured auth providers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27483

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.58 Parse Server versions prior to 9.6.0-alpha.52 Description An unauthenticated attacker can cause a denial of service by sending authentication requests with arbitrary, unconfigured provider names. The serve...

8.7CVSS5.9AI score0.00406EPSS
Exploits0References9
Rows per page
Query Builder