1602 matches found
parse-community parse-server 信任管理问题漏洞
parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in parse-community parse-server that stems from an authentication adapter that does not properly validate the Apple certificate URL. An...
The Bug Report - March 2022 Edition
The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...
Remote Code Execution (RCE)
parse-server is vulnerable to remote code execution. The vulnerability exists in DatabaseController.js due to a prototype pollution which allows an attacker to inject and execute arbitrary codes...
CVE-2022-24760
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
Default configuration
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
Parse Server 注入漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.7. The vulnerability stems from Prototype Pollution vulnerable code in the DatabaseController.js file...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
CVE-2022-24760
The set of connected sources confirms CVE-2022-24760 is a real vulnerability in Parse Server (pre-4.10.7) caused by prototype pollution in DatabaseController.js, enabling Remote Code Execution with default MongoDB configurations on Linux/Windows. Impact is described as RCE (high severity) with a ...
CVE-2022-24760 Command Injection in Parse server
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...
GHSA-P6H4-93QP-JHCM Command injection in Parse Server through prototype pollution
Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24760 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24760 Source advisory: OSV:GHSA-P6H4-93QP-JHCM...
Command injection in Parse Server through prototype pollution
Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...
PT-2022-16862 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.7 Description: The issue is a Remote Code Execution RCE vulnerability in Parse Server, affecting the default configuration with MongoDB. The main weakness is the Prototype Pollution vulnerable code in the...
Command Injection in parse-community/parse-server
Description This is a Remote Code Execution vulnerability in the Parse Server. This vulnerability affects the Parse Server in the default configuration with MongoDB, probably a similar attack can affect the PostgreSQL storage as well. The main weakness that leads to RCE is the Prototype Pollution...
GHSA-7PR3-P5FM-8R9X LiveQuery publishes user session tokens in parse-server
Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...
LiveQuery publishes user session tokens in parse-server
Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-41109 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-41109 Source advisory: OSV:GHSA-7PR3-P5FM-8R9X...
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...
CVE-2021-41109
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...