High severity · NVD Advisory · Published Oct 4, 2024 · Updated Oct 4, 2024

Parse Server's custom object ID allows to acquire role privileges

CVE-2024-47183

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| parse-server (npm) | < 6.5.9 | 6.5.9 |
| parse-server (npm) | >= 7.0.0, < 7.3.0 | 7.3.0 |
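
A triage check for the condition described above, combining the affected version ranges with the allowCustomObjectId option. This is an added example, not code from the advisory or from the Parse Server project; the function names and status strings are hypothetical, and treating pre-releases of a fixed version (and any 7.x pre-release) as affected is a conservative assumption.

```javascript
// Parse "major.minor.patch[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognized version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns <0, 0 or >0. A pre-release sorts before its release (semver rule);
// two pre-releases of the same release compare equal, which is enough here.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  }
  if (x.pre && !y.pre) return -1;
  if (!x.pre && y.pre) return 1;
  return 0;
}

// Ranges from the advisory: "< 6.5.9" and ">= 7.0.0, < 7.3.0".
// Assumption: every 7.x build below 7.3.0, pre-releases included, counts as affected.
function isAffectedVersion(version) {
  const major = parseVersion(version).nums[0];
  return compareVersions(version, '6.5.9') < 0 ||
    (major === 7 && compareVersions(version, '7.3.0') < 0);
}

// options: the object passed to Parse Server at startup; only allowCustomObjectId is read.
function triage(version, options = {}) {
  const affected = isAffectedVersion(version);
  const optionEnabled = options.allowCustomObjectId === true;
  let status = 'NOT_AFFECTED';
  if (affected) status = optionEnabled ? 'EXPOSED' : 'AFFECTED_OPTION_OFF';
  return { version, affected, optionEnabled, status };
}

// Constructed sample deployments, not taken from the advisory.
const samples = [
  ['6.5.8', { allowCustomObjectId: true }],
  ['7.2.0', {}],
  ['7.3.0-alpha.3', { allowCustomObjectId: true }],
  ['6.5.9', { allowCustomObjectId: true }],
];
for (const [v, opts] of samples) console.log(v, '->', triage(v, opts).status);
```

AFFECTED_OPTION_OFF means the vulnerable code is installed but the precondition named in the description is not met; upgrading to 6.5.9 or 7.3.0 is still the fix.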
