Vulnerability Information
Vulnerability Title
Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter
Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the `apiURL` parameter in `authData`. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. This is fixed in versions 8.6.2 and 9.1.1-alpha.1 by hardcoding the Instagram Graph API URL `https://graph.instagram.com` and ignoring client-provided `apiURL` values. No known workarounds are available.
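The difference between the two behaviours described above, as an added example that is not Parse Server's own code: one URL builder honours a client-supplied `apiURL`, the other pins the Graph API host, and a constructed stub transport records which host each would contact. The function names, the synchronous stub transport, the sample `authData` values and the `me?fields=id` request shape are assumptions made for the illustration.

```javascript
// Added illustration; not Parse Server source code.
const INSTAGRAM_GRAPH_API = 'https://graph.instagram.com/';

// "Before" shape: the base URL comes from client-controlled authData.
function profileUrlVulnerable(authData) {
  const base = authData.apiURL || INSTAGRAM_GRAPH_API;
  return `${base}me?fields=id&access_token=${encodeURIComponent(authData.access_token)}`;
}

// "After" shape: the base URL is a constant; authData.apiURL is never read.
function profileUrlFixed(authData) {
  const url = new URL('me', INSTAGRAM_GRAPH_API);
  url.searchParams.set('fields', 'id');
  url.searchParams.set('access_token', authData.access_token);
  return url.toString();
}

// Shared check: accept the login only if the API reports the claimed id.
// httpGetJson is a hypothetical injected transport (synchronous for this demo).
function validateAuthData(authData, buildUrl, httpGetJson) {
  const response = httpGetJson(buildUrl(authData));
  return Boolean(response) && response.id === authData.id;
}

// Constructed transport: records every host contacted. Any host other than
// graph.instagram.com echoes the claimed id, modelling an endpoint the client
// chose; the pinned host rejects the (fake) token.
function makeStubTransport() {
  const hostsContacted = [];
  const httpGetJson = (rawUrl) => {
    const { hostname } = new URL(rawUrl);
    hostsContacted.push(hostname);
    return hostname === 'graph.instagram.com' ? null : { id: 'claimed-user-id' };
  };
  return { hostsContacted, httpGetJson };
}

// Constructed sample input, not taken from the advisory.
const sampleAuthData = {
  id: 'claimed-user-id',
  access_token: 'not-a-real-token',
  apiURL: 'https://untrusted.example/',
};

function runDemo(buildUrl) {
  const { hostsContacted, httpGetJson } = makeStubTransport();
  const accepted = validateAuthData(sampleAuthData, buildUrl, httpGetJson);
  return { accepted, hostsContacted };
}
```

With the first builder the server contacts the client-chosen host and accepts the login; with the second it contacts only `graph.instagram.com` and the same `authData` is rejected.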
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
Parse Server Code Issue Vulnerability
Vulnerability Description
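Parse Server is an open source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Parse Server versions before 8.6.2 and before 9.1.1-alpha.1 contain a code issue vulnerability, which stems from an SSRF vulnerability in the Instagram authentication adapter and may lead to authentication bypass.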
CVSS Information
N/A
Vulnerability Type
N/A