Описание
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use Parse.Cloud.afterLiveQueryEvent to manually remove protected fields.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchRelease NotesThird Party Advisory
- PatchRelease NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Issue TrackingPatchRelease NotesThird Party Advisory
- PatchRelease NotesThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.10.13 (исключая)Версия от 5.0.0 (включая) до 5.2.4 (исключая)
Одно из
cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*
cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 69%
0.00595
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-200
CWE-212
Связанные уязвимости
EPSS
Процентиль: 69%
0.00595
Низкий
8.2 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-200
CWE-212