Vulnerability Information
Vulnerability Title
Protected fields exposed via LiveQuery in parse-server
Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions, Parse Server LiveQuery does not remove protected fields in classes and passes them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.
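A sketch of the `Parse.Cloud.afterLiveQueryEvent` workaround named above, as an added example that is not code from the Parse Server project or its advisory. It assumes the hook's request exposes the current and previous state as Parse.Object instances in `request.object` and `request.original`, that `unset` is how a field is dropped, and that setting `request.sendEvent = false` suppresses delivery; the class names, field names and `fakeSnapshot` helper are hypothetical.

```javascript
// Added example, not Parse Server's own code.
// Hypothetical classes and fields: mirror your server's protectedFields here.
const PROTECTED_FIELDS = {
  _User: ['email', 'phone'],
  Invoice: ['internalNotes'],
};

// Strip the listed fields from both snapshots a LiveQuery event carries.
// request.original is absent when there is no previous state (e.g. create).
// Returns how many values were removed.
function stripProtectedFields(request, fields) {
  let removed = 0;
  try {
    for (const snapshot of [request.object, request.original]) {
      if (!snapshot) continue;
      for (const field of fields) {
        if (snapshot.has(field)) {
          snapshot.unset(field);
          removed += 1;
        }
      }
    }
  } catch (err) {
    // Fail closed: if a snapshot cannot be cleaned, do not deliver the event.
    request.sendEvent = false;
  }
  return removed;
}

// Register one hook per class when running as Cloud Code (Parse is a global there).
if (typeof Parse !== 'undefined' && Parse.Cloud) {
  for (const [className, fields] of Object.entries(PROTECTED_FIELDS)) {
    Parse.Cloud.afterLiveQueryEvent(className, (request) => {
      stripProtectedFields(request, fields);
    });
  }
}

// Constructed stand-in for Parse.Object, only for running the check offline.
function fakeSnapshot(attrs) {
  return {
    attrs: { ...attrs },
    has(key) { return key in this.attrs; },
    unset(key) { delete this.attrs[key]; },
  };
}
```

The previous-state snapshot matters as much as the current one: an update event that cleans only `request.object` still sends the old value of a protected field.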
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
Information Exposure
Vulnerability Title
Parse Server Information Disclosure Vulnerability
Vulnerability Description
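Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server has an information disclosure vulnerability, which stems from Parse Server LiveQuery not removing protected fields in classes and instead passing them to the client.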
CVSS Information
N/A
Vulnerability Type
N/A