CVE-2022-39396 Parse Server vulnerable to Remote Code Execution via prototype pollution in MongoDB BSON parser
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a...
CVE-2022-41878 Parse Server Prototype pollution and Injection via Cloud Code Webhooks or Cloud Code Triggers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
Parse Server security vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 4.10.20 or 5.3.3, which stems from an attacker's ability to perform prototype pollution via a Cloud Code Webhook...
CVE-2022-41878
Parse Server contains a prototype pollution vulnerability (CVE-2022-41878) where keywords defined in the requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers, allowing them to be saved to the database and bypass the denylist. Affected versions are prior to 4.10.19 or 5.3.2; ...
CVE-2022-41879 Parse Server subject to Prototype pollution via Cloud Code Webhooks
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server...
GHSA-XPRV-WVH7-QQQX Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Impact: Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches: Improved keyword detection. Workarounds...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-41878 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-41878 Source advisory: OSV:GHSA-XPRV-WVH7-QQQX...
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Impact: Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option. Patches: Improved keyword detection. Workarounds...
PT-2022-26110
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.19; Parse Server versions prior to 5.3.2. Description: The issue allows keywords specified in the requestKeywordDenylist option to be injected via Cloud Code Webhooks or Triggers, resulting in the keyword being...
Parse Server security vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server 4.10.18 through versions prior to 5.3.1 on the 5.X branch, which stems from the fact that an attacker can use a prototype pollution sink ...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-39396 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-39396 Source advisory: OSV:GHSA-PRM5-8G2M-24GG...
Remote code execution via MongoDB BSON parser through prototype pollution
Impact: An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. Patches: Prevent prototype pollution in MongoDB database adapter. Workarounds: Disable remote code execution through the MongoDB BSON parser. Collaborators: Mikhail Shcherbako...
PT-2022-24955
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.18; Parse Server versions prior to 5.3.1 on the 5.X branch. Description: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An attacker can use a prototype...
Denial Of Service (DoS)
parse-server is vulnerable to denial of service. The vulnerability exists in multiple functions because user input is not properly validated, which allows an attacker to send a file download request with an invalid byte range, causing an application crash...
CVE-2022-39313
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been...
CVE-2022-39313 Parse Server crashes when receiving file download request with invalid byte range
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been...
Parse Server input validation error vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An input validation error vulnerability exists in Parse Server prior to version 4.10.17 and version 5.x prior to version 5.2.8, which stems from a crash upon receiving a file download request...