3 matches found
GHSA-93VW-8FM5-P2JF Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...
GHSA-XPRV-WVH7-QQQX Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Impact Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches Improved keyword detection. Workarounds...