6926 matches found

CNNVD
added 2021/01/02 12:00 a.m. · 4 views

Google Go Input Validation Error Vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google, Inc. An input validation error vulnerability exists in Go version 1.15.4, which stems from the occurrence of "slice bounds out of range" in the language.ParseAcceptLanguage BCP 47...

CVSS 7.5 · AI score 7.1 · EPSS 0.02234
Exploits 2 · References 19
Positive Technologies
added 2021/01/02 12:00 a.m. · 6 views

PT-2021-11584 · X/Text +7 · X/Text +7

Name of the Vulnerable Software and Affected Versions: x/text versions 1.15.4
Description: An "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. The x/text/language package is supposed to be able to parse an HTTP Accept-Language header...

CVSS 8.8 · AI score 8.1 · EPSS 0.07032
Exploits 12 · References 120
NVD
added 2020/12/30 8:15 p.m. · 11 views

CVE-2020-26288

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

CVSS 7.7 · AI score 7.6 · EPSS 0.00796
Exploits 0 · References 4
OSV
added 2020/12/30 8:15 p.m. · 11 views

CVE-2020-26288

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

CVSS 6.5 · AI score 7
Exploits 0 · References 4
Prion
added 2020/12/30 8:15 p.m. · 16 views

Authentication flaw

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

CVSS 4 · AI score 6.5 · EPSS 0.00796
Exploits 0 · References 4 · Affected Software 1
Node.js
added 2020/12/30 7:29 p.m. · 57 views

Password stored in plain text

Overview: parse-server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication ...

CVSS 4 · AI score 3.6 · EPSS 0.00796
Exploits 0 · Affected Software 1
Cvelist
added 2020/12/30 7:25 p.m. · 15 views

CVE-2020-26288 Parse Server stores password in plain text

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...

CVSS 7.7 · AI score 7.6 · EPSS 0.00796
Exploits 0 · References 4
CVE
added 2020/12/30 7:25 p.m. · 82 views

CVE-2020-26288

CVE-2020-26288 (Parse Server) affects the parse-server npm package prior to version 4.5.0. In those versions, user passwords involved in LDAP authentication are stored in cleartext, creating a risk of exposure. The issue is resolved in version 4.5.0, which fixes the vulnerability by stripping the...

CVSS 7.7 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2020/12/30 12:00 a.m. · 3 views

parse-server Cryptographic Issue Vulnerability

parse-server is an open source Backend-as-a-Service (BaaS) framework; it is mainly used for application back-end processing. A security vulnerability exists in Parse Server versions prior to 4.5.0 that stems from LDAP authentication involving user passwords stored in plaintext. No details of the...

CVSS 7.7 · AI score 5.8 · EPSS 0.00796
Exploits 0 · References 6
Veracode
added 2020/12/29 9:11 a.m. · 15 views

Information Disclosure

parse-server is vulnerable to information disclosure. The vulnerability exists because the user passwords involved in LDAP authentication are stored in cleartext...

CVSS 7.7 · AI score 1.6 · EPSS 0.00796
Exploits 0 · References 6 · Affected Software 1
vulnersOsv
added 2020/12/28 4:33 p.m. · 2 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2020-26288 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2020-26288 Source advisory: OSV:GHSA-4W46-W44M-3JQ3...

CVSS 7.7 · AI score 6.7 · EPSS 0.00796
Exploits 0
Github Security Blog
added 2020/12/28 4:33 p.m. · 64 views

Parse Server stores password in plain text

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...

CVSS 7.7 · AI score 6.4 · EPSS 0.00796
Exploits 0 · References 7 · Affected Software 1
OSV
added 2020/12/28 4:33 p.m. · 22 views

GHSA-4W46-W44M-3JQ3 Parse Server stores password in plain text

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping password after authentication to preven...

CVSS 7.7 · AI score 6.8 · EPSS 0.00796
Exploits 0 · References 6
Positive Technologies
added 2020/12/28 12:00 a.m. · 2 views

PT-2020-16406 · Parse · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.5.0
Description: The issue involves the storage of user passwords in cleartext for LDAP authentication. This occurs in Parse Server when user passwords are not stripped after authentication, leading to clearte...

CVSS 7.7 · AI score 6.6 · EPSS 0.00796
Exploits 0 · References 11
Node.js
added 2020/12/18 10:54 p.m. · 73 views

Cross-Site Scripting

Overview: Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Recommendation: Upgrade to version 2.0.17 or...

CVSS 4.3 · AI score 1.9 · EPSS 0.04522
Exploits 1 · Affected Software 1
OSV
added 2020/12/18 10:51 p.m. · 323 views

GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

CVSS 6.1 · AI score 6.2 · EPSS 0.04522
Exploits 1 · References 9
IBM Security Bulletins
added 2020/12/15 5:42 p.m. · 29 views

Security Bulletin: A security vulnerability in Node.js csv-parse module affects IBM Cloud Pak for Multicloud Management Infrastructure Management.

Summary: A security vulnerability in Node.js csv-parse module affects IBM Cloud Pak for Multicloud Management Infrastructure Management.
Vulnerability Details: CVEID: CVE-2019-17592. DESCRIPTION: Node.js csv-parse module is vulnerable to a denial of service, caused by a malformed regular expression...

CVSS 7.5 · AI score 0.8 · EPSS 0.02276
Exploits 0 · Affected Software 1
OSV
added 2020/12/15 4:15 p.m. · 1 views

CVE-2020-0489

In Parsedata of easmdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android...

CVSS 8.8 · AI score 7.2 · EPSS 0.00685
Exploits 0 · References 1
RedHat Linux
added 2020/12/15 3:06 p.m. · 4 views

kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow

A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data...

CVSS 7.5 · AI score 7.1 · EPSS 0.03252
Exploits 0 · References 5
OSV
added 2020/12/11 11:15 a.m. · 4 views

AZL-45153 CVE-2020-7788 affecting package nodejs-nodemon 2.0.3-5

This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

CVSS 9.8 · AI score 7.4 · EPSS 0.03612
Exploits 1 · References 1