Lucene search
K

1619 matches found

Prion
Prion
added 2022/03/12 12:15 a.m.26 views

Default configuration

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

7.5CVSS9.5AI score0.49081EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/03/12 12:0 a.m.5 views

Parse Server 注入漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.7. The vulnerability stems from Prototype Pollution vulnerable code in the DatabaseController.js file...

10CVSS8.3AI score0.49081EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/03/11 11:55 p.m.10 views

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

10CVSS9.6AI score0.49081EPSS
Exploits1References3
OSV
OSV
added 2022/03/11 11:55 p.m.38 views

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

10CVSS8.7AI score0.49081EPSS
Exploits1References5
CVE
CVE
added 2022/03/11 11:55 p.m.136 views

CVE-2022-24760

The set of connected sources confirms CVE-2022-24760 is a real vulnerability in Parse Server (pre-4.10.7) caused by prototype pollution in DatabaseController.js, enabling Remote Code Execution with default MongoDB configurations on Linux/Windows. Impact is described as RCE (high severity) with a ...

10CVSS9.5AI score0.49081EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/03/11 11:55 p.m.204 views

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

10CVSS9.9AI score0.49081EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/03/11 11:53 p.m.6 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24760 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24760 Source advisory: OSV:GHSA-P6H4-93QP-JHCM...

10CVSS7.2AI score0.49081EPSS
Exploits1
OSV
OSV
added 2022/03/11 11:53 p.m.31 views

GHSA-P6H4-93QP-JHCM Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

10CVSS9.7AI score0.49081EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/03/11 11:53 p.m.57 views

Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

10CVSS0.1AI score0.49081EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.4 views

PT-2022-16862 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.7 Description: The issue is a Remote Code Execution RCE vulnerability in Parse Server, affecting the default configuration with MongoDB. The main weakness is the Prototype Pollution vulnerable code in the...

10CVSS9.5AI score0.49081EPSS
Exploits1References9
Huntr
Huntr
added 2021/12/20 8:43 p.m.39 views

Command Injection in parse-community/parse-server

Description This is a Remote Code Execution vulnerability in the Parse Server. This vulnerability affects the Parse Server in the default configuration with MongoDB, probably a similar attack can affect the PostgreSQL storage as well. The main weakness that leads to RCE is the Prototype Pollution...

7.5CVSS0.2AI score0.49081EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/09/30 5:9 p.m.6 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-41109 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-41109 Source advisory: OSV:GHSA-7PR3-P5FM-8R9X...

7.5CVSS7.1AI score0.01206EPSS
Exploits0
OSV
OSV
added 2021/09/30 5:9 p.m.18 views

GHSA-7PR3-P5FM-8R9X LiveQuery publishes user session tokens in parse-server

Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...

7.5CVSS7.4AI score0.01206EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/09/30 5:9 p.m.42 views

LiveQuery publishes user session tokens in parse-server

Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...

7.5CVSS1.2AI score0.01206EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/09/30 3:15 p.m.17 views

CVE-2021-41109

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5CVSS0.01206EPSS
Exploits0References3
OSV
OSV
added 2021/09/30 3:15 p.m.13 views

CVE-2021-41109

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5CVSS7.5AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/30 3:15 p.m.3 views

CVE-2021-41109

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5CVSS7.1AI score0.01206EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/09/30 3:15 p.m.24 views

Session fixation

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

4.3CVSS7.5AI score0.01206EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/09/30 3:10 p.m.70 views

CVE-2021-41109

CVE-2021-41109 refers to a vulnerability in Parse Server where, before version 4.10.4, LiveQuery payloads leaked session tokens for users with a LiveQuery subscription on the Parse.User class. The root cause is that LiveQuery payloads included session tokens while regular queries did not. The adv...

7.5CVSS7.5AI score0.01206EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/09/30 3:10 p.m.35 views

CVE-2021-41109 LiveQuery publishes user session tokens

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5CVSS7.7AI score0.01206EPSS
Exploits0References3
Rows per page
Query Builder