Lucene search
K

5 matches found

OSV
OSV
added 2022/11/10 1:2 p.m.13 views

GHSA-93VW-8FM5-P2JF Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks

Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...

7.2CVSS8.2AI score0.00809EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/11/10 1:2 p.m.29 views

Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks

Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...

9.8CVSS9AI score0.00809EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/09 8:47 p.m.27 views

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers

Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...

9.8CVSS9AI score0.00875EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/11/09 8:47 p.m.27 views

GHSA-XPRV-WVH7-QQQX Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers

Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...

7.2CVSS8.2AI score0.00875EPSS
Exploits0References7
CNVD
CNVD
added 2016/09/21 12:0 a.m.1 views

Tencent cloud security suffers from injection bypass vulnerability

Tencent Cloud is a public cloud platform built by Tencent for a wide range of enterprises and individuals; it provides basic cloud computing services such as cloud servers, cloud databases, cloud storage and CDN, as well as industry solutions for games, videos and mobile applications. Tencent clo...

7.2AI score
Exploits0References1
Rows per page
Query Builder