GMS-2022-6626: Duplicate of ./npm/parse-server/CVE-2022-41878.yml
Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option.
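The sketch below is an added example, not parse-server's code or the project's fix. It models the gap described above: a denylist check that runs only on the incoming request misses keywords a trigger adds afterwards, while re-checking the trigger's output catches them. The names `findDenylisted`, `saveWithTrigger` and `injectingTrigger` are hypothetical, and the `{ key, value }` entry shape matched as regular expressions is an assumption.

```javascript
// Added illustration; a simplified model, not parse-server's implementation.
// Assumption: each denylist entry is { key, value? }, both used as regex patterns.
const denylist = [
  { key: '_bsontype', value: 'Code' },
  { key: 'constructor' },
  { key: '__proto__' },
];

// Recursively search obj for a denylisted key (and value, when the entry has one).
// Returns the first matching entry, or null when the object is clean.
function findDenylisted(obj, entries) {
  if (obj === null || typeof obj !== 'object') return null;
  for (const k of Object.keys(obj)) {
    const v = obj[k];
    for (const e of entries) {
      const keyHit = new RegExp(e.key).test(k);
      const valueHit = e.value === undefined ||
        (typeof v === 'string' && new RegExp(e.value).test(v));
      if (keyHit && valueHit) return e;
    }
    const nested = findDenylisted(v, entries);
    if (nested) return nested;
  }
  return null;
}

// Hypothetical save pipeline: the request is always checked; the trigger's
// output is checked only when recheckAfterTrigger is true.
function saveWithTrigger(requestData, beforeSave, entries, recheckAfterTrigger) {
  if (findDenylisted(requestData, entries)) {
    throw new Error('denylisted keyword in request');
  }
  const finalData = beforeSave({ ...requestData });
  if (recheckAfterTrigger && findDenylisted(finalData, entries)) {
    throw new Error('denylisted keyword added by trigger');
  }
  return finalData; // what would be written to the database
}

// Constructed trigger: adds a denylisted structure to an otherwise clean object.
const injectingTrigger = (data) => ({ ...data, meta: { _bsontype: 'Code', code: 'x' } });
```

With `recheckAfterTrigger` set to `false` the denylisted structure reaches the returned object; with `true` the save is rejected.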
References
- github.com/advisories/GHSA-xprv-wvh7-qqqx
- github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3
- github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f
- github.com/parse-community/parse-server/pull/8301
- github.com/parse-community/parse-server/pull/8302
- github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx