VYPR
Critical severity · NVD Advisory · Published Jun 28, 2023 · Updated Nov 27, 2024

Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution

CVE-2023-36475

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| parse-server (npm) | < 5.5.2 | 5.5.2 |
| parse-server (npm) | >= 6.0.0, < 6.2.1 | 6.2.1 |
