CNNVD-202509-3776 Information

Sep 24, 2025 cve

CNNVD ID

CNNVD-202509-3776

CVE-2025-57324

CNNVD Published: 2025-09-24

Description (Chinese)

parse-server是Parse Platform开源的一个 Node.js/Express 解析服务器。 parse-server 5.3.0及之前版本存在安全漏洞，该漏洞源于SingleInstanceStateController.initializeState函数存在原型污染，攻击者可通过特制有效载荷注入Object.prototype属性，可能导致拒绝服务。

Description (English)

Parse-server is a Node.js/Express parser for Parse Platform open source. There is a security loophole in parse-server 5.3.0 and earlier versions, which stems from the prototype contamination of the SingleInstance StateController.initiallyzestate function, where the assailant can inject the object.prototype properties with a special payload, which may lead to the denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Pat Infinite Solutions

Published

2025-09-24

Last Modified

2026-02-24

References

https://github.com/VulnSageAgent/PoCs/blob/main/JavaScript/prototype-pollution/parse%405.3.0/index.js https://github.com/VulnSageAgent/PoCs/tree/main/JavaScript/prototype-pollution/CVE-2025-57324

Share on: