12 matches found
EUVD-2023-2492
Malicious code in bioql PyPI...
EUVD-2022-6666
Malicious code in bioql PyPI...
BIT-PARSE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
BIT-PARSE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
CVE-2023-41058
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using...
GHSA-2M6G-CRV8-P3C6 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using...
CVE-2022-36079
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
Code injection
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
CVE-2022-36079
CVE-2022-36079 affects Parse Server. Internal/protected fields (prefixed with '_') can be used as query constraints, and before fixes users could enumerate these fields to elicit a response object. This vulnerability existed prior to patches in versions 4.10.14 and 5.2.5, which require the master...