18 matches found
BIT-PARSE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. Th...
CVE-2026-33498
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...
CVE-2026-33508
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce the requestComplexity.queryDepth configuration setting when processing WebSocket subscription...
CVE-2026-33498
CVE-2026-33498 affects Parse Server (Node.js). Before versions 8.6.55 and 9.6.0-alpha.44, an unauthenticated HTTP request with a deeply nested query containing logical operators can permanently hang the server process, rendering it unresponsive and requiring manual restart. This is a bypass of th...
CVE-2026-33498 Parse Server: Query condition depth bypass via pre-validation transform pipeline
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...
Uncontrolled Recursion
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Uncontrolled Recursion via the pre-validation transform pipeline. An attacker can cause the server process to become...
GHSA-9FJP-Q3C4-6W3J Parse Server has a query condition depth bypass via pre-validation transform pipeline
Impact An attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server process. The server becomes completely unresponsive and must be manually restarted. This is a bypass of the fix for CVE-2026-32944. Patches The...
BIT-PARSE-2026-32944 Parse Server crash via deeply nested query condition operators
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server an...
EUVD-2026-12992
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 9.6.0-alpha.21 and 8.6.45. These vulnerabilities stemmed from deep nested query...
PT-2026-26165
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...
CVE-2021-47713
Affected software: Hasura GraphQL Engine, version 1.3.3. Vulnerability: Denial-of-service via crafted GraphQL queries with excessively nested fields, enabling an attacker to use long query strings and multi-threaded requests to exhaust server resources and potentially crash the GraphQL endpoint. ...
PT-2023-26482 · Tdengine · Tdengine
Name of the Vulnerable Software and Affected Versions: TDengine versions prior to 3.0.7.1 Description: TDengine is an open source, time-series database optimized for Internet of Things devices. The issue affects TDengine Databases that allow users to connect and run arbitrary queries, causing the...
SUSE CVE-2019-18455
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
Impact Executing deeply nested queries may cause stack overflow. Patches Upgrade to v4.0.6...
MariaDB 代码问题漏洞
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a denial-of-service vulnerability that stems from the product allowing self-queries to be nested by nesting them within Update...
CVE-2019-18455
An issue was discovered in GitLab Community and Enterprise Edition 11 through 12.4 when building Nested GraphQL queries. It has a large or infinite loop...
Remote Code Execution (RCE)
Eve is vulnerable to remote code execution RCE attacks. The library does not fully sanitize nested mongo queries, allowing a malicious user to inject and execute arbitrary code...