Note: This project will be discontinued after December 13, 2021.
Product: Parse-Server (Parseplatform)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 25 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-06-28 | CVE-2023-36475 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1. | Parse-Server | 9.8 | ||
2023-09-04 | CVE-2023-41058 | Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is used as a security layer to modify the incoming query. The vulnerability has been fixed by refactoring the internal query pipeline for a more concise code structure and implementing a patch to ensure the `beforeFind` trigger is invoked. This fix was... | Parse-Server | 7.5 | ||
2023-10-25 | CVE-2023-46119 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1. | Parse-Server | 7.5 | ||
2019-07-29 | CVE-2019-1020012 | parse-server before 3.4.1 allows DoS after any POST to a volatile class. | Parse-Server | 7.5 | ||
2019-07-29 | CVE-2019-1020013 | parse-server before 3.6.0 allows account enumeration. | Parse-Server | 5.3 | ||