Information Disclosure

2022-09-0808:23:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

parse-server

vulnerability

information disclosure

sensitive user information

lack of validation

EPSS

0.002

Percentile

54.2%

JSON

parse-server is vulnerable to information disclosure. An unauthorized attacker is able to gain access to sensitive user information because of lack of validation in the search pattern.

References

github.com/parse-community/parse-server/commit/634c44acd18f6ee6ec60fac89a2b602d92799bec

github.com/parse-community/parse-server/commit/e39d51bd329cd978589983bd659db46e1d45aad4

github.com/parse-community/parse-server/issues/8143

github.com/parse-community/parse-server/issues/8144

github.com/parse-community/parse-server/pull/8143

github.com/parse-community/parse-server/pull/8144

github.com/parse-community/parse-server/releases/tag/4.10.14

github.com/parse-community/parse-server/releases/tag/5.2.5

github.com/parse-community/parse-server/security/advisories/GHSA-2m6g-crv8-p3c6

EPSS

0.002

Percentile

54.2%

JSON

Related for VERACODE:36977