BIT-parse-2026-47248
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/parse/BIT-parse-2026-47248.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-parse-2026-47248
- Aliases
-
- CVE-2026-47248
- GHSA-8cph-rgr4-g5vj
- Published
- 2026-06-16T12:40:06.250Z
- Modified
- 2026-06-16T13:26:19.305510429Z
- Summary
- Parse Server: GraphQL "Did you mean" validation suggestions disclose schema to unauthenticated callers
- Details
-
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1, Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct class names, field names, argument names, mutation names, and input-object fields. This issue has been patched in versions 8.6.78 and 9.9.1.
- Database specific
{ "cpes": [ "cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / parse
Package
- Name
- parse
- Purl
- pkg:bitnami/parse
Severity
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator