Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:48 p.m.13 views

CVE-2022-36079

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

8.6CVSS6.5AI score0.01002EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/09/16 9:17 p.m.3 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-36079 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-36079 Source advisory: OSV:GHSA-2M6G-CRV8-P3C6...

8.6CVSS7.1AI score0.01002EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/07 8:40 p.m.49 views

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

8.6CVSS8.2AI score0.01002EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2022/09/07 8:40 p.m.9 views

CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...

8.6CVSS8.5AI score0.01002EPSS
Exploits0References7
CVE
CVE
added 2022/09/07 8:40 p.m.73 views

CVE-2022-36079

CVE-2022-36079 affects Parse Server. Internal/protected fields (prefixed with '_') can be used as query constraints, and before fixes users could enumerate these fields to elicit a response object. This vulnerability existed prior to patches in versions 4.10.14 and 5.2.5, which require the master...

8.6CVSS7.9AI score0.01002EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder