6716 matches found
CVE-2022-2217
A cross-site scripting (XSS) flaw was found in the parse-url package of npm. This issue could allow an attacker to use escape characters to run malicious JavaScript code on a webpage that was generated by the affected package. The highest impact is to integrity and confidentiality...
File Protocol Spoofing
Description: parse-url misinterprets the file:// protocol when trying to match git URLs. The following payload is certainly a valid file protocol URL but is interpreted as the ssh protocol: file:///etc/passwd?http://a:1:1 Proof of Concept: // PoC.js const fs = require('fs'); var parseURL = require("parse-url")...
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
CVE-2022-31112
Parse Server LiveQuery vulnerability (CVE-2022-31112): protected fields in classes were exposed to clients because LiveQueryController failed to strip them. The issue affects Parse Server LiveQuery; the fix is implemented by removing protected fields from client responses in the updated controlle...
UBUNTU-CVE-2022-2078
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code...
PT-2022-20537 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server (affected versions not specified). Description: The issue concerns Parse Server LiveQuery, which in affected versions does not remove protected fields in classes, passing them to the client. This has been addressed by the...
Parse Server Denial of Service Vulnerability
Parse Server is a backend that can be deployed to any infrastructure that can run Node.js. A denial-of-service vulnerability exists in Parse Server, which stems from certain types of invalid file requests not being handled properly and can be exploited by an attacker to cause the server to crash...
Parse Server Information Disclosure Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server suffers from an information disclosure vulnerability that stems from the fact that Parse Server LiveQuery does not remove protected fields from classes and passes them to t...
Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web Token (JWT) tokens for security testing purposes. Features: Complete modularity. All commands are plugins. Easy to add new plugins. Support JWS and JWE tokens. Easy interface for plugins (follow the template example). Flexible token...
10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +4290 more potentially affected by CVE-2022-0624 via parse-path (>=3.0.4 <=4.0.4)
parse-path NPM version =3.0.4, =1.0.0, =1.0.0, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =0.1.2, =11.0.1, =11.0.2 and more Source cves: CVE-2022-0624 Source advisory: OSV:GHSA-3J8F-XVM3-FFX4...
UBUNTU-CVE-2021-41687
DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory with malloc for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program triggers the memory leak. An attacker can use it to launch a DoS attack...
Cross-site Scripting (XSS)
parse-url is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of input validation which allows an attacker to inject and execute malicious script via URL parameter...
CVE-2022-0624
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
CVE-2022-0624 Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
GHSA-Q6WQ-5P59-983W Cross site scripting in parse-url
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1...