CVE-2022-26260

CVE-2022-26260 affects Simple-Plist v1.3.0. The Red Hat, Veracode, and OSV entries, plus CVE records, confirm a prototype-pollution vulnerability in the library exposed via the .parse() function. Root cause: improper handling during parsing that allows injection of properties into construct proto...

CVE-2022-26260

Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse...

Simple-Plist 安全漏洞

Simple-Plist is a simple API for interacting with binary and plain text Plist data from Joe Wollard, a personal developer in the US. A security vulnerability exists in wollardj Simple-Plist v1.3.0, which stems from a prototype contamination vulnerability in .parse...

PT-2022-15865 · Netatalk +4 · Netatalk +4

Name of the Vulnerable Software and Affected Versions: Netatalk affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this issue. The specific flaw exists within th...

CVE-2021-39667

In ih264dparsedecodeslice of ih264dparseslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

Remote Code Execution (RCE)

parse-server is vulnerable to remote code execution. The vulnerability exists in DatabaseController.js due to a prototype pollution which allows an attacker to inject and execute arbitrary codes...

CVE-2022-24760

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

Default configuration

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

Parse Server 注入漏洞

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. An injection vulnerability exists in versions of Parse Server prior to 4.10.7. The vulnerability stems from Prototype Pollution vulnerable code in the DatabaseController.js file...

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

CVE-2022-24760

The set of connected sources confirms CVE-2022-24760 is a real vulnerability in Parse Server (pre-4.10.7) caused by prototype pollution in DatabaseController.js, enabling Remote Code Execution with default MongoDB configurations on Linux/Windows. Impact is described as RCE (high severity) with a ...

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

CVE-2022-24760 Command Injection in Parse server

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution...

Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24760 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24760 Source advisory: OSV:GHSA-P6H4-93QP-JHCM...

GHSA-P6H4-93QP-JHCM Command injection in Parse Server through prototype pollution

Impact This is a Remote Code Execution RCE vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file DatabaseController.js, so it is likely to affect...

hostname spoofing via Improper Input Validation

Description When to use the parse-url, If user put the https://google.comhashvalue as argument, parse-url doesn't parse the hash value and parses hostname and hash together as hostname. http://localhost/hashvalue and http://localhosthashvalue are the same.. txt - new URL of node ❯ node -e...

PT-2022-16862 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.7 Description: The issue is a Remote Code Execution RCE vulnerability in Parse Server, affecting the default configuration with MongoDB. The main weakness is the Prototype Pollution vulnerable code in the...

UBUNTU-CVE-2021-32435

Stack-based buffer overflow in the function getkey in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service DoS via unspecified vectors...

dotnet: double parser stack buffer overrun

A flaw was found in dotnet, where a buffer overrun exists in the double parse routine, which could lead to remote code execution. This flaw allows an attacker to execute code remotely on the system, leading to some system compromise...