CVSS3: 9 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score: 7.4 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.5%)
parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitization of Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code.
CPE

Name | Operator | Version |
---|---|---|
parse-server | le | 7.0.0-alpha.28 |
parse-server | le | 6.5.4 |
github.com/advisories/GHSA-6hh7-46r2-vf29
github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b
github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e
github.com/parse-community/parse-server/releases/tag/6.5.5
github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29
github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29