GMS-2022-6745: Duplicate of ./npm/parse-server/CVE-2022-41879.yml
A compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server requestKeywordDenylist option.
References
- github.com/advisories/GHSA-93vw-8fm5-p2jf
- github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8
- github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4
- github.com/parse-community/parse-server/pull/8305
- github.com/parse-community/parse-server/pull/8306
- github.com/parse-community/parse-server/releases/tag/4.10.20
- github.com/parse-community/parse-server/releases/tag/5.3.3
- github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf