6928 matches found
CVE-2022-31112
Parse Server LiveQuery vulnerability (CVE-2022-31112): protected fields in classes were exposed to clients because LiveQueryController failed to strip them. The issue affects Parse Server LiveQuery; the fix is implemented by removing protected fields from client responses in the updated controlle...
CVE-2022-31112 Protected fields exposed via LiveQuery in parse-server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client respons...
UBUNTU-CVE-2022-2078
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code...
Parse Server Denial of Service Vulnerability
Parse Server is a backend that can be deployed to any infrastructure that can run Node.js. A denial-of-service vulnerability exists in Parse Server, which stems from certain types of invalid file requests not being handled properly and can be exploited by an attacker to cause the server to crash...
Parse Server Information Disclosure Vulnerability
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server suffers from an information disclosure vulnerability that stems from the fact that Parse Server LiveQuery does not remove protected fields from classes and passes them to t...
PT-2022-20537 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server (affected versions not specified). Description: The issue concerns Parse Server LiveQuery, which in affected versions does not remove protected fields in classes, passing them to the client. This has been addressed by the...
Jwtear - Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers
A modular command-line tool to parse, create and manipulate JSON Web Token (JWT) tokens for security testing purposes. Features: Complete modularity; all commands are plugins. Easy to add new plugins. Support for JWS and JWE tokens. Easy interface for plugins (follow the template example). Flexible token...
10secondsofcode-custom (=1.0.0), 1kohei1 (>=1.0.0 <=1.0.1) +4296 more potentially affected by CVE-2022-0624 via parse-path (>=3.0.4 <=4.0.4)
parse-path NPM version =3.0.4, =1.0.0, =1.0.0, =3.0.0-beta.22, =3.0.0-beta.22, =3.16.2, =3.16.3, =3.16.2, =3.16.2, =0.1.2, =11.0.1, =11.0.2 and more Source cves: CVE-2022-0624 Source advisory: OSV:GHSA-3J8F-XVM3-FFX4...
The vulnerability of the _nc_parse_entry function in the terminal input/output library parse_entry.c allows an attacker to cause a service failure.
The vulnerability of the _nc_parse_entry function in the terminal input/output library's source file parse_entry.c is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created file...
UBUNTU-CVE-2021-41687
DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack...
Cross-site Scripting (XSS)
parse-url is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of input validation which allows an attacker to inject and execute malicious script via URL parameter...
CVE-2022-0624
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
CVE-2022-0624 Authorization Bypass Through User-Controlled Key in ionicabizau/parse-path
Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0...
Server-Side Request Forgery in parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Cross site scripting in parse-url
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-Q6WQ-5P59-983W Cross site scripting in parse-url
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 6.0.1...
GHSA-7F3X-X4PR-WQHJ Server-Side Request Forgery in parse-url
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Cross site scripting in parse-url
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0...
Hostname confusion in parse-url
Exposure of Sensitive Information to an Unauthorized Actor via hostname confusion in GitHub repository ionicabizau/parse-url prior to 6.0.1...