CVE-2022-31112

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31112

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31112.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31112

Aliases

Published

2022-06-30T16:40:13Z

Modified

2025-11-04T20:02:08.644412Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

Protected fields exposed via LiveQuery in parse-server

Details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use Parse.Cloud.afterLiveQueryEvent to manually remove protected fields.

Database specific

{
    "cwe_ids": [
        "CWE-200"
    ]
}

References

Affected packages

Git / github.com/parse-community/parse-server

Affected ranges

Type

GIT

Repo

https://github.com/parse-community/parse-server

Events

Introduced

Fixed

4748e9bbd37f7b098d41df3c70cbade4086380a8

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.10.13"
        }
    ]
}

Type

GIT

Repo

https://github.com/parse-community/parse-server

Events

Introduced

46c9a91627a0503f0364c4cc1cc9bba3c6a86d65

Fixed

e42be5c526fc1389fbf3964c24a6b6a29b075522

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.2.4"
        }
    ]
}

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.2.0

2.2.1

2.2.10

2.2.11

2.2.12

2.2.13

2.2.14

2.2.15

2.2.16

2.2.17

2.2.18

2.2.19

2.2.2

2.2.20

2.2.21

2.2.22

2.2.23

2.2.24

2.2.25

2.2.25-beta.1

2.2.3

2.2.4

2.2.5

2.2.6

2.2.7

2.2.8

2.2.9

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8

2.4.0

2.4.1

2.4.2

2.5.0

2.5.1

2.5.2

2.5.3

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.6.5

2.7.0

2.7.1

2.7.2

2.7.3

2.7.4

2.8.0

2.8.2

3.*

3.0.0

3.1.0

3.1.1

3.1.2

3.1.3

3.10.0

3.2.0

3.2.1

3.2.2

3.2.3

3.3.0

3.4.0

3.4.1

3.5.0

3.6.0

3.7.0

3.7.1

3.7.2

3.8.0

3.9.0

4.*

4.0.0

4.0.1

4.0.2

4.1.0

4.10.0

4.10.1

4.10.10

4.10.11

4.10.12

4.10.2

4.10.3

4.10.4

4.10.5

4.10.6

4.10.7

4.10.8

4.10.9

4.2.0

4.3.0

4.4.0

4.5.0

4.5.2

5.*

5.0.0

5.0.0-alpha.10

5.0.0-alpha.11

5.0.0-alpha.12

5.0.0-alpha.13

5.0.0-alpha.14

5.0.0-alpha.15

5.0.0-alpha.16

5.0.0-alpha.17

5.0.0-alpha.18

5.0.0-alpha.19

5.0.0-alpha.20

5.0.0-alpha.21

5.0.0-alpha.22

5.0.0-alpha.23

5.0.0-alpha.24

5.0.0-alpha.25

5.0.0-alpha.26

5.0.0-alpha.27

5.0.0-alpha.28

5.0.0-alpha.29

5.0.0-alpha.6

5.0.0-alpha.7

5.0.0-alpha.8

5.0.0-alpha.9

5.0.0-beta.10

5.1.0

5.1.1

5.2.0

5.2.0-alpha.1

5.2.0-alpha.2

5.2.0-alpha.3

5.2.0-beta.1

5.2.0-beta.2

5.2.1

5.2.2

5.2.3