Security: parse-community/parse-server
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- ZDI-CAN-18806: Prototype pollution via Cloud Code Webhooks
  GHSA-93vw-8fm5-p2jf, published Nov 9, 2022 by mtrezza, severity: High
- ZDI-CAN-18750: Prototype pollution via Cloud Code Webhooks or Cloud Code Triggers
  GHSA-xprv-wvh7-qqqx, published Nov 9, 2022 by mtrezza, severity: High
- ZDI-CAN-18358: Remote code execution via MongoDB BSON parser through prototype pollution
  GHSA-prm5-8g2m-24gg, published Nov 8, 2022 by mtrezza, severity: Critical
- Server option `masterKeyIps` vulnerability to IP spoofing
  GHSA-vm5r-c87r-pf6x, published Jan 31, 2023 by mtrezza, severity: High
- Server crashes when receiving file download request with invalid byte range
  GHSA-h423-w6qv-2wj3, published Oct 15, 2022 by mtrezza, severity: High
- Phishing attack vulnerability by uploading malicious HTML file
  GHSA-9prm-jqwx-45x9, published May 30, 2023 by mtrezza, severity: Moderate
- Invalid file request can crash server
  GHSA-xw6g-jjvf-wwf9, published Jun 17, 2022 by mtrezza, severity: High
- Authentication bypass vulnerability in Apple Game Center auth adapter
  GHSA-rh9j-f5f8-rvgc, published Jun 17, 2022 by mtrezza, severity: Critical
- Protected fields exposed via LiveQuery
  GHSA-crrq-vr9j-fxxh, published Jun 30, 2022 by mtrezza, severity: High
- Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
  GHSA-qf8x-vqjv-92gr, published May 1, 2022 by mtrezza, severity: Critical