Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks

Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...

parse-community parse-server 信任管理问题漏洞

parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in parse-community parse-server that stems from an authentication adapter that does not properly validate the Apple certificate URL. An...