1612 matches found
Prototype Pollution
parse-server is vulnerable to Prototype Pollution. The vulnerability exists due to improper conditional checks in multiple functions which allows an attacker to inject and modify malicious prototypes via the MongoDB BSON parser, resulting in remote code execution...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-36475 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-36475 Source advisory: OSV:GHSA-462X-C3JW-7VR6...
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches Prevent prototype pollution in MongoDB database adapter. Workarounds Disable remote code execution through the MongoDB BSON parser. Credits - Discovered by hir0ot...
GHSA-462X-C3JW-7VR6 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Impact An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches Prevent prototype pollution in MongoDB database adapter. Workarounds Disable remote code execution through the MongoDB BSON parser. Credits - Discovered by hir0ot...
CVE-2023-36475
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
CVE-2023-36475
Parse Server is affected by a prototype pollution vulnerability that enables remote code execution through the MongoDB BSON parser. The issue occurs in affected builds prior to 5.5.2 and 6.2.1, where a prototype pollution sink can be exploited to trigger RCE. A patch is available in versions 5.5....
CVE-2023-36475 Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.5.2 and prior to 6.2.1, which stems from a vulnerability that allows an attacker to trigger remote code execution using a...
PT-2023-25584 · Unknown +2 · Parse Server +2
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.2 and 6.2.1 Description: The issue allows an attacker to use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This can be exploited in Parse Server, an open sour...
Phishing Attack
parse-server is vulnerable to Phishing Attacks. A malicious user is able to upload an HTML file to the system via its public API, which is available at the internet domain where Parse Server is hosted, allowing the URL of the uploaded HTML files to be used for phishing attacks...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-32689 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-32689 Source advisory: OSV:GHSA-9PRM-JQWX-45X9...
GHSA-9PRM-JQWX-45X9 Phishing attack vulnerability by uploading malicious HTML file
Impact Phishing attack vulnerability by uploading malicious files. A malicious user could upload a HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for...
Phishing attack vulnerability by uploading malicious HTML file
Impact Phishing attack vulnerability by uploading malicious files. A malicious user could upload a HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for...
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689
Parse Server (Node.js) versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing-style flaw where a user can upload an HTML file via the public API, making that HTML accessible under the hosting domain for phishing use. The vulnerability is compounded by the Parse JavaScript SDK, which store...