Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Parse Server has a rate limit bypass via batch request endpoint
Vulnerability Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint (/batch) processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle multiple requests targeting a rate-limited endpoint into a single batch request to circumvent the configured rate limit. Any Parse Server deployment that relies on the built-in rate limiting feature is affected. This vulnerability is fixed in 9.5.2-alpha.10 and 8.6.23.
CVSS Information
N/A
Vulnerability Type
交互频率的控制不恰当
Vulnerability Title
Parse Server 安全漏洞
Vulnerability Description
Parse Server是Parse Platform开源的一个开源后端,可以部署到任何可以运行 Node.js 的基础设施。 Parse Server 9.5.2-alpha.10之前版本和8.6.23之前版本存在安全漏洞,该漏洞源于批处理请求端点绕过速率限制中间件,可能导致攻击者通过捆绑请求来规避配置的速率限制。
CVSS Information
N/A
Vulnerability Type
N/A