Lucene search

6715 matches found

vulnersOsv
added 2021/09/02 4:51 p.m. · 0 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39187 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39187 Source advisory: OSV:GHSA-XQP8-W826-HH6X...

7.5 CVSS · 7.1 AI score · 0.0066 EPSS
Exploits 0
OSV
added 2021/09/02 4:51 p.m. · 14 views

GHSA-XQP8-W826-HH6X Parse Server crashes with query parameter

Impact: Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches: Upgrade to Parse Server 4.10.3...

7.5 CVSS · 7.3 AI score · 0.0066 EPSS
Exploits 0 · References 6
Github Security Blog
added 2021/09/02 4:51 p.m. · 40 views

Parse Server crashes with query parameter

Impact: Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. Patches: Upgrade to Parse Server 4.10.3...

7.5 CVSS · 7.2 AI score · 0.0066 EPSS
Exploits 0 · References 6 · Affected Software 1
OSV
added 2021/09/02 4:15 p.m. · 11 views

CVE-2021-39187

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 4
NVD
added 2021/09/02 4:15 p.m. · 8 views

CVE-2021-39187

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

7.5 CVSS · 0.0066 EPSS
Exploits 0 · References 4
Prion
added 2021/09/02 4:15 p.m. · 8 views

Design/Logic Flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

5 CVSS · 7.5 AI score · 0.0066 EPSS
Exploits 0 · References 4 · Affected Software 1
CVE
added 2021/09/02 3:35 p.m. · 64 views

CVE-2021-39187

CVE-2021-39187 affects Parse Server prior to 4.10.3. The vulnerability arises from the MongoDB Node.js driver: when a query request contains an invalid value for the explain option, the driver throws an exception that Parse Server cannot catch, causing a crash. A patch exists in Parse Server 4.10...

7.5 CVSS · 7.4 AI score · 0.0066 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2021/09/02 3:35 p.m. · 12 views

CVE-2021-39187 Crash server with query parameter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an...

7.5 CVSS · 7.7 AI score · 0.0066 EPSS
Exploits 0 · References 4
Positive Technologies
added 2021/09/02 12:0 a.m. · 2 views

PT-2021-22444 · Unknown · Parse Server +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.3. Description: The issue occurs when a query request contains an invalid value for the explain option, causing Parse Server to crash due to a bug in the MongoDB Node.js driver that throws an exception Parse...

7.5 CVSS · 7.4 AI score · 0.0066 EPSS
Exploits 0 · References 10
CNNVD
added 2021/09/02 12:0 a.m. · 1 views

Parse Server injection vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.3, which can cause the Parse Server to crash if a query request contains an invalid value for the "explain" option. T...

7.5 CVSS · 7.3 AI score · 0.0066 EPSS
Exploits 0 · References 5
OSV
added 2021/09/01 6:31 p.m. · 12 views

GHSA-G452-6RFC-VRVX Prototype Pollution in open-graph

This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a `__proto__` or constructor payload...

5.3 CVSS · 9.4 AI score · 0.00432 EPSS
Exploits 1 · References 4
Snyk
added 2021/08/27 3:12 p.m. · 3 views

Prototype Pollution

Overview: algoliasearch-helper is a Helper for implementing advanced search features with algolia. Affected versions of this package are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.js SearchParameters.parseNumbers without any protection against...

9.8 CVSS · 9.1 AI score · 0.00235 EPSS
Exploits 1 · References 2
RedHat Linux
added 2021/08/26 10:21 a.m. · 1 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5 CVSS · 7.1 AI score · 0.00506 EPSS
Exploits 1 · References 5
RedHat Linux
added 2021/08/26 10:18 a.m. · 2 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

7.5 CVSS · 7.1 AI score · 0.00506 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2021/08/26 12:0 a.m. · 46 views

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:3281)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3281 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

9.8 CVSS · 7.5 AI score · 0.84982 EPSS
Exploits 7 · References 22
vulnersOsv
added 2021/08/25 8:54 p.m. · 1 views

af-core (>=0.1.0 <=0.1.8), af-lib (=0.1.1) +51 more potentially affected by CVE-2021-1000007 +1 more via parse_duration (>=1.0.3 <=2.1.1)

parse_duration CARGO version =1.0.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.6.2, =0.6.2, =0.6.2, =0.1.0, =0.1.0, =0.3.12, =0.1.0, =0.1.0, =0.3.0 and more Source cves: CVE-2021-1000007, CVE-2021-29932 Source advisory: OSV:GHSA-QPGV-G792-WH6X...

7.5 CVSS · 7.1 AI score · 0.00389 EPSS
Exploits 0
RedHat Linux
added 2021/08/24 12:50 p.m. · 3 views

python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

7.5 CVSS · 6.8 AI score · 0.01214 EPSS
Exploits 1 · References 4
Github Security Blog
added 2021/08/23 7:41 p.m. · 68 views

parse-server new anonymous user session acts as if it's created with password

Impact: Developers that use the REST API to sign up users and also allow users to log in anonymously. When an anonymous user is first signed up using REST, the server creates the session incorrectly, particularly the authProvider field in Session class under createdWith shows the user logged in creating...

6.5 CVSS · 6.3 AI score · 0.00218 EPSS
Exploits 0 · References 5 · Affected Software 1
vulnersOsv
added 2021/08/23 7:41 p.m. · 3 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39138 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39138 Source advisory: OSV:GHSA-23R4-5MXP-C7G5...

6.5 CVSS · 6.5 AI score · 0.00218 EPSS
Exploits 0
Veracode
added 2021/08/20 2:20 a.m. · 13 views

Privilege Escalation

parse-server is vulnerable to privilege escalation. The vulnerability exists due to an incorrect session creation when using createWith function that incorrectly classified the session type as being created with a password which gives that user a different level of access than one created as an...

6.5 CVSS · 2.7 AI score · 0.00218 EPSS
Exploits 0 · References 3 · Affected Software 1