Count: 2
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.
GHSA-crrq-vr9j-fxxh
Protected fields exposed via LiveQuery
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
CVE-2022-31112 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. | CVSS3: 8.2 | 1% Low | more than 3 years ago | |
GHSA-crrq-vr9j-fxxh Protected fields exposed via LiveQuery | CVSS3: 8.2 | 1% Low | more than 3 years ago |