1608 matches found
CVE-2022-31089
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
Code injection
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
CVE-2022-31089 Invalid file request can crashe parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
CVE-2022-31089 Invalid file request can crashe parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
CVE-2022-31089 Invalid file request can crashe parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability...
CVE-2022-31089
CVE-2022-31089 affects Parse Server (Node.js backend). The vulnerability arises from improper handling of certain invalid file requests, which can crash the server. Impact: availability can be high for a single instance, lower for clustered setups. The issue has been fixed in versions 4.10.12 and...
Parse Server 安全漏洞
Parse Server is a backend that can be deployed to any infrastructure that can run Node.js. A denial-of-service vulnerability exists in Parse Server, which stems from certain types of invalid file requests not being handled properly and can be exploited by an attacker to cause the server to crash...
Denial Of Service (DoS)
parse-server is vulnerable to denial of service DoS attacks. A malicious user is able to cause denial of service conditions via certain types of invalid file requests which are not handled properly...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-31089 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-31089 Source advisory: OSV:GHSA-XW6G-JJVF-WWF9...
GHSA-XW6G-JJVF-WWF9 Invalid file request can crash server
Impact Certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as a single instance without redundancy, the availability impact m...
Authentication Bypass
parse-server is vulnerable to authentication bypass. The vulnerability exists because the certificate in auth adapter is not properly validated. An attacker is able to bypass authentication checks by making a fake certificate accessible via certain Apple domains and providing the URL to that...
PT-2022-20517 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.12 Parse Server versions prior to 5.2.3 Description: The issue arises from the improper handling of certain types of invalid file requests, which can cause the server to crash. The availability impact may b...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-31083 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-31083 Source advisory: OSV:GHSA-RH9J-F5F8-RVGC...
Authentication bypass vulnerability in Apple Game Center auth adapter
Impact The certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Patches To prevent this, a new...
GHSA-RH9J-F5F8-RVGC Authentication bypass vulnerability in Apple Game Center auth adapter
Impact The certificate in Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Patches To prevent this, a new...
CVE-2022-31083
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake...
Authentication flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake...
CVE-2022-31083 Authentication bypass in Parse Server Apple Game Center auth adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake...
CVE-2022-31083 Authentication bypass in Parse Server Apple Game Center auth adapter
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed by making a fake...
CVE-2022-31083
Parse Server vulnerability CVE-2022-31083 affects the Apple Game Center auth adapter. Prior to versions 4.10.11 and 5.2.2, the certificate in this adapter was not validated, potentially allowing authentication bypass by supplying a forged certificate via certain Apple domains and an authData URL....