Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:36 p.m.9 views

CVE-2022-41878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

9.8CVSS6.5AI score0.00875EPSS
Exploits0References1
CVE
CVE
added 2022/11/10 12:0 a.m.89 views

CVE-2022-41878

Parse Server contains a prototype pollution vulnerability (CVE-2022-41878) where keywords defined in the requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers, allowing them to be saved to the database and bypass the denylist. Affected versions are prior to 4.10.19 or 5.3.2; ...

9.8CVSS8AI score0.00875EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/10 12:0 a.m.5 views

CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...

7.2CVSS9.2AI score0.00875EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/11/09 8:47 p.m.9 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-41878 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-41878 Source advisory: OSV:GHSA-XPRV-WVH7-QQQX...

9.8CVSS7.1AI score0.00875EPSS
Exploits0
Rows per page
Query Builder