6714 matches found
AZL-41455 CVE-2020-28852 affecting package multus for versions less than 4.0.2-1
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
AZL-41422 CVE-2020-28851 affecting package multus for versions less than 4.0.2-1
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
DEBIAN-CVE-2020-28851
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
Out-of-bounds
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. x/text/language is supposed to be able to parse an HTTP Accept-Language header...
PT-2021-11584 · X/Text +7 · X/Text +7
Name of the Vulnerable Software and Affected Versions: x/text versions 1.15.4. Description: An "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. The x/text/language package is supposed to be able to parse an HTTP Accept-Language header...
Google Go Input Validation Error Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. An input validation error vulnerability exists in Go version 1.15.4, which stems from the occurrence of "slice bounds out of range" in the language.ParseAcceptLanguage BCP 47...
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
Authentication flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
Password stored in plain text
Overview: parse-server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication ...
CVE-2020-26288 Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
CVE-2020-26288
CVE-2020-26288 (Parse Server) affects the parse-server npm package prior to version 4.5.0. In those versions, user passwords involved in LDAP authentication are stored in cleartext, creating a risk of exposure. The issue is resolved in version 4.5.0, which fixes the vulnerability by stripping the...
parse-server Cryptographic Issue Vulnerability
parse-server is an open source Backend-as-a-Service (BaaS) framework, mainly used for application back-end processing. A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...
Information Disclosure
parse-server is vulnerable to information disclosure. The vulnerability exists because the user passwords involved in LDAP authentication are stored in cleartext...
Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2020-26288 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2020-26288 Source advisory: OSV:GHSA-4W46-W44M-3JQ3...
GHSA-4W46-W44M-3JQ3 Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...
PT-2020-16406 · Parse · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.5.0. Description: The issue involves the storage of user passwords in cleartext for LDAP authentication. This occurs in Parse Server when user passwords are not stripped after authentication, leading to clearte...
Cross-Site Scripting
Overview: Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation: Upgrade to version 2.0.17 or...
GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...