1602 matches found
Parse Server transformUpdate Prototype Pollution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the transformUpdate function. The issue results from the lack of control over modifications...
Parse Server _expandResultOnKeyPath Prototype Pollution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the \expandResultOnKeyPath function. The issue results from the lack of control over...
CVE-2022-41878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
CVE-2022-41879
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-41879 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-41879 Source advisory: OSV:GHSA-93VW-8FM5-P2JF...
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...
GHSA-93VW-8FM5-P2JF Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Impact A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option. Patches Improved keyword detection. Workarounds None. Collaborators Mikhail Shcherbakov, Cristian-Alexandru Staicu and Musar...
Prototype Pollution
parse-server is vulnerable to Prototype Pollution. An attacker can inject properties into existing construct prototypes via the MongoDB BSON parser and modify attributes such as proto, constructor, and prototype base objects to achieve remote code execution...
CVE-2022-39396
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a...
Remote code execution
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a...
CVE-2022-41879
Parse Server is affected by a prototype pollution vulnerability in Cloud Code Webhook targets. In versions prior to 5.3.3 and 4.10.20, an attacker can exploit a compromised Cloud Code Webhook endpoint to bypass the server’s requestKeywordDenylist, enabling prototype pollution with potentially hig...
CVE-2022-41879 Parse Server subject to Prototype pollution via Cloud Code Webhooks
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
PT-2022-26111 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 5.3.3 Parse Server versions prior to 4.10.20 Description: A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
CVE-2022-39396
Parse Server is vulnerable to Remote Code Execution via prototype pollution in the MongoDB BSON parser. Affected are versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch. The issue is fixed in 4.10.18 and in 5.3.1; there are no known workarounds."
CVE-2022-41879 Parse Server subject to Prototype pollution via Cloud Code Webhooks
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.19 or 5.3.2, which stems from an attacker's ability to contaminate prototypes via cloud code web hooks or cloud code...