Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Crash server with query parameter
Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Parse Server 注入漏洞
Vulnerability Description
Parse Server是一个开源后端,可以部署到任何可以运行 Node.js 的基础设施。 Parse Server 4.10.3之前版本存在注入漏洞,如果查询请求包含“explain”选项的无效值,则解析服务器会崩溃。该漏洞源于MongoDB Node.js驱动程序中存在的一个错误,该错误引发了解析服务器无法捕获的异常。4.10.3版本中有针对此问题的修补程序。除了升级之外,目前还没有其他解决办法
CVSS Information
N/A
Vulnerability Type
N/A