37 matches found
EUVD-2023-1517
Malicious code in bioql PyPI...
parse-server 安全漏洞
parse-server is a Node.js/Express parse server open-sourced by Parse Platform. A security vulnerability exists in parse-server version 5.3.0 and earlier, which stems from a prototype contamination in the SingleInstanceStateController.initializeState function, which allows an attacker to inject an...
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...
CVE-2019-1020012
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
GHSA-837Q-JHWX-CMPV Parse Server has an OAuth login vulnerability
Impact The 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, th...
CVE-2022-24760
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
CVE-2024-47183
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and...
CVE-2024-39309
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...
Parse Server literalizeRegexPart SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...
Parse Server 代码问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.15, 5.0.0 through 5.2.6. An attacker can use this vulnerability to assign a session object to his or her own user by writi...
PT-2021-23094 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.4 Description: The issue concerns the exposure of session tokens in LiveQuery payloads for users with a LiveQuery subscription on the Parse.User class. Normally, session tokens are removed from responses fo...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-39138 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-39138 Source advisory: OSV:GHSA-23R4-5MXP-C7G5...
CVE-2021-39138
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...