Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
parseplatform parse-server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This w...
Parseplatform Parse-server
NA
CVE-2022-41879
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an malicious user to use prototype pollution to bypass the Parse Serve...
Parseplatform Parse-server
NA
CVE-2022-39396
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions before 4.10.18, and before 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink ...
Parseplatform Parse-server
NA
CVE-2022-39313
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions before 4.10.17, and before 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This i...
Parseplatform Parse-server
NA
CVE-2022-39231
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 4.10.16, or from 5.0.0 to 5.2.6, validation of the authentication adapter app ID for _Facebook_ and _Spotify_ may be circumvented. Configurations which allow...
Parseplatform Parse-server
NA
CVE-2022-39225
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions before 4.10.15, or 5.0.0 and above before 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker ...
Parseplatform Parse-server
NA
CVE-2022-36079
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are ...
Parseplatform Parse-server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3