CNNVD-202507-1503 Information
CNNVD ID
CNNVD-202507-1503
Related CVE
- CNNVD Published: 2025-07-10
Description (Chinese)
Parse Server是Parse Platform开源的一个开源后端,可以部署到任何可以运行 Node.js 的基础设施。 Parse Server 5.3.0至7.5.3之前版本和8.2.2之前版本存在安全漏洞,该漏洞源于GraphQL API未验证会话令牌或主密钥。
Description (English)
Parse Server is an open source back end of the Parse Platform open source and can be deployed to any infrastructure that can operate Node.js. Parse Server 5.3.0-7.5.3 and 8.2.2 have a security loophole, which originates from the failure of GraphQL API to verify the message token or primary key.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Parsons
Published
2025-07-10
Last Modified
2026-02-24
References
https://github.com/parse-community/parse-server/security/advisories/GHSA-48q3-prgv-gm4w https://github.com/parse-community/parse-server/pull/9819 https://github.com/parse-community/parse-server/pull/9820 https://nvd.nist.gov/vuln/detail/CVE-2025-53364
Patch
https://github.com/parse-community/parse-server/releases
Share on: