4 matches found
GHSA-9F2H-7V79-MXW3 Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs
Summary: Prototype pollution capabilities on various APIs. Details: Injection of a malicious payload allows an attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically: - ParseObject.fromJSON - ParseObject.pin - ParseObject.registerSubclass -...
Parse-SDK-JS security vulnerability
Parse-SDK-JS is an open source developer toolkit for the Parse Platform. A security vulnerability exists in Parse-SDK-JS versions prior to 7.0.0 that originates from the injection of a malicious payload and could lead to the remote execution of arbitrary code...
GHSA-WVH7-5P38-2QFC Storing Password in Local Storage
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...
Storing Password in Local Storage
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...