Server-Side Request Forgery (SSRF)

Parse Server is vulnerable to Server-Side Request ForgerySSRF. The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...

GHSA-3F5F-XGRJ-97PF Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

Parse Server 代码问题漏洞

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A code issue vulnerability exists in Parse Server versions prior to 8.6.2 and prior to 9.1.1-alpha.1, which stems from an SSRF vulnerability in the Instagram...