1612 matches found
BIT-PARSE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
BIT-PARSE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
BIT-PARSE-2023-41058 Trigger `beforeFind` not invoked in internal query pipeline in parse-server
Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...
BIT-PARSE-2023-46119 Parse Server may crash when uploading file without extension
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +21 more potentially affected by CVE-2024-27298 via parse-server (>=2.0.8 <=5.6.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.8 and more Source cves: CVE-2024-27298 Source advisory: OSV:GHSA-6927-3VR9-FXF2...
GHSA-6927-3VR9-FXF2 ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 -...
CVE-2024-27298
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
Sql injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
CVE-2024-27298
CVE-2024-27298 affects parse-server (Parse Server for Node.js/Express) when configured with PostgreSQL. The underlying issue is a SQL injection in the server’s PostgreSQL handling. The vulnerability has been fixed in versions 6.5.0 and 7.0.0-alpha.20. Affected products/versions per sources includ...
CVE-2024-27298 Parse Server literalizeRegexPart SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20...
parse-server security vulnerability
parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in parse-server versions prior to 6.5.0 and prior to 7.0.0 that stems from the presence of a SQL injection vulnerability...
PT-2024-21803
Name of the Vulnerable Software and Affected Versions parse-server versions prior to 6.5.0 parse-server versions prior to 7.0.0-alpha.20 Description This issue allows SQL injection when parse-server is configured to use the PostgreSQL database. A remote attacker could send specially-crafted SQL...
BIT-2023-46119
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
CVE-2023-46119
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
Privilege escalation
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
Denial Of Service (DoS)
parse-server is vulnerable to Denial of Service. The vulnerability is due to improper validation on the file upload mechanism. The attacker can exploit this issue by uploading a file without any extension resulting in an application crash...
CVE-2023-46119 Parse Server may crash when uploading file without extension
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...