1603 matches found
PT-2023-25584 · Unknown +2 · Parse Server +2
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.5.2 and 6.2.1 Description: The issue allows an attacker to use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This can be exploited in Parse Server, an open sour...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.5.2 and prior to 6.2.1, which stems from a vulnerability that allows an attacker to trigger remote code execution using a...
Phishing Attack
parse-server is vulnerable to Phishing Attacks. A malicious user is able to upload an HTML file to the system via its public API, which is available at the internet domain where Parse Server is hosted, allowing the URL of the uploaded HTML files to be used for phishing attacks...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2023-32689 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2023-32689 Source advisory: OSV:GHSA-9PRM-JQWX-45X9...
GHSA-9PRM-JQWX-45X9 Phishing attack vulnerability by uploading malicious HTML file
Impact Phishing attack vulnerability by uploading malicious files. A malicious user could upload a HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for...
Phishing attack vulnerability by uploading malicious HTML file
Impact Phishing attack vulnerability by uploading malicious files. A malicious user could upload a HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for...
CVE-2023-32689
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689 Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server vi...
CVE-2023-32689
Parse Server (Node.js) versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing-style flaw where a user can upload an HTML file via the public API, making that HTML accessible under the hosting domain for phishing use. The vulnerability is compounded by the Parse JavaScript SDK, which store...
PT-2023-23964 · Unknown · Parse Javascript Sdk +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.4.4 and 6.1.1 Description: The issue involves a phishing attack vulnerability where a malicious user can upload an HTML file to Parse Server via its public API. This uploaded HTML file can then be accessed at...
Parse Server 代码问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.4 and 6.0.0 through 6.1.1, which stems from a malicious user being able to upload HTML files to Parse Server via its public...
CVE-2023-32688
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...
Design/Logic Flaw
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...
CVE-2023-32688 Invalid push request payload crashes Parse Server
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...
CVE-2023-32688
CVE-2023-32688 concerns parse-server-push-adapter, the Push Notification adapter for Parse Server. The issue arises from an invalid push notification payload that can crash Parse Server. A fix was released in version 4.1.3, mitigating the crash by correcting payload handling. Connected sources co...
CVE-2023-32688 Invalid push request payload crashes Parse Server
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...
CVE-2023-32688 Invalid push request payload crashes Parse Server
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3...