CVE-2021-47986
Parse Server - Unreviewed Code Execution via Malicious Version Tags
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
parse-community · parse-server