VYPR

Bitnami package

parse

pkg:bitnami/parse

Vulnerabilities (110)

  • CVE-2022-31089Jun 27, 2022
    affected < 4.10.12fixed 4.10.12

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster,

  • CVE-2022-31083Jun 17, 2022
    affected < 4.10.11fixed 4.10.11

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter not validated. As a result, authentication could potentially be bypassed

  • CVE-2022-24901May 4, 2022
    affected < 4.10.10fixed 4.10.10

    Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks o

  • CVE-2022-24760Mar 11, 2022
    affected < 4.10.7fixed 4.10.7

    Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the

  • CVE-2021-41109Sep 30, 2021
    affected < 4.10.4fixed 4.10.4

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular (non-LiveQuery) queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a Li

  • CVE-2021-39187Sep 2, 2021
    affected < 4.10.3fixed 4.10.3

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver whi

  • CVE-2021-39138Aug 18, 2021
    affected < 4.5.1fixed 4.5.1

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the ser

  • CVE-2020-26288Dec 30, 2020
    affected < 4.5.0fixed 4.5.0

    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.

  • CVE-2020-15270Oct 22, 2020
    affected < 4.3.1fixed 4.3.1

    Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens.

  • CVE-2020-5251Mar 4, 2020
    affected < 4.1.0fixed 4.1.0

    In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.

Page 6 of 6