BIT-parse-2021-39187

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/parse/BIT-parse-2021-39187.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-parse-2021-39187
Aliases
Published
2024-03-06T11:03:39.683Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist.

References

Affected packages

Bitnami / parse

Package

Name
parse
Purl
pkg:bitnami/parse

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.3