1602 matches found
Privilege Escalation
parse-server is vulnerable to privilege escalation. The vulnerability exists due to an incorrect session creation when using createWith function that incorrectly classified the session type as being created with a password which gives that user a different level of access than one created as an...
CVE-2021-39138
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
CVE-2021-39138
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
Design/Logic Flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
Parse Server 授权问题漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An authorization issue vulnerability exists in versions of Parse Server prior to 4.5.1 that stems from the server incorrectly creating a session when an anonymous user registers with REST for t...
CVE-2021-39138 New anonymous user session acts as if it's created with password
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates sessi...
CVE-2021-39138
Parse Server prior to v4.5.1 incorrectly classifies anonymous sessions as password-created when first signing up via REST, due to the createdWith value in _Session. This affects only developers who rely on createdWith for access control; the vulnerability is fixed in 4.5.1. The recommended workar...
PT-2021-22398 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.5.1 Description: The issue arises when an anonymous user is first signed up using the REST API, causing the server to create a session incorrectly. Specifically, the authProvider field in the Session class und...
7ghost (>=4.11.0 <=4.11.46), @0x18b2ee/parse-server (>=3.10.1 <=3.11.0) +2864 more potentially affected by CVE-2021-28918 +1 more via netmask (>=0.0.2 <=1.0.6)
netmask NPM version =0.0.2, =4.11.0, =3.10.1, =0.1.0, =0.1.0, =1.6.1, =0.0.1, =2.0.0, =0.0.9, =0.0.175, =0.0.81, =2.0.0, =0.9.17, =1.0.5 and more Source cves: CVE-2021-28918, CVE-2021-29418 Source advisory: OSV:GHSA-PCH5-WHG9-QR2R...
parse-server encryption issue vulnerability
parse-server is an open source Backend-as-a-Service BaaS framework , it is mainly used for application back-end processing . A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
Authentication flaw
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
Password stored in plain text
Overview parse-server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication ...
CVE-2020-26288 Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
CVE-2020-26288
CVE-2020-26288 (Parse Server) affects the parse-server npm package prior to version 4.5.0. In those versions, user passwords involved in LDAP authentication are stored in cleartext, creating a risk of exposure. The issue is resolved in version 4.5.0, which fixes the vulnerability by stripping the...
parse-server 加密问题漏洞
parse-server is an open source Backend-as-a-Service BaaS framework , it is mainly used for application back-end processing . A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...
Information Disclosure
parse-server is vulnerable to information disclosure. The vulnerability exist because the user passwords involved in LDAP authentication are stored in cleartext...
Parse Server stores password in plain text
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2020-26288 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2020-26288 Source advisory: OSV:GHSA-4W46-W44M-3JQ3...