4 matches found
CVE-2024-47183
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...
CVE-2024-47183 Parse Server's custom object ID allows to acquire role privileges
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...
CVE-2024-47183
Summary: Parse Server vulnerability CVE-2024-47183 arises when allowCustomObjectId: true is enabled. An attacker allowed to create a new user can set a custom object ID and thereby acquire privileges of a specific role. This is mitigated by fixed versions 6.5.9 and 7.3.0. What’s affected: Parse S...
CVE-2024-47183 Parse Server's custom object ID allows to acquire role privileges
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...