Parse Javascript SDK vulnerable to prototype pollution in `Parse.Object` and internal APIs

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L

CWE-1321

Parse-SDK-JS 安全漏洞

Parse-SDK-JS是Parse Platform开源的一个用于解析平台的开发者工具包。 Parse-SDK-JS 7.0.0之前版本存在安全漏洞，该漏洞源于注入恶意有效载荷，可能导致远程执行任意代码。

N/A

N/A