CNNVD-202511-787 Information
CNNVD ID
CNNVD-202511-787
Related CVE
- CNNVD Published: 2025-11-07
Description (Chinese)
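Parse Server is an open-source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Parse Server versions 4.2.0 through 7.5.3 and 8.0.0 through 8.3.1-alpha.1 contain a code issue vulnerability. The vulnerability stems from improper handling of the uri parameter in the file upload functionality and may lead to server-side request forgery attacks.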
Description (English)
Parse Server is an open source backend by Parse Platform that can be deployed to any infrastructure that can run Node.js. Parse Server 4.2.0 to 7.5.3 and 8.0.0 to 8.3.1-alpha.1 have a code issue vulnerability, which stems from the mishandling of the uri parameter in the file upload function and could lead to a server-side request forgery (SSRF) attack.
Hazard Level
Medium
Vulnerability Type
Code Issue
Affected Vendor
Parse Platform
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/parse-community/parse-server/commit/8bbe3efbcf4a3b66f4a8db9bfb18cd98c050db51
https://github.com/parse-community/parse-server/commit/97763863b72689a29ad7a311dfb590c3e3c50585
https://github.com/parse-community/parse-server/pull/9903
https://github.com/parse-community/parse-server/pull/9904
https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx
https://access.redhat.com/security/cve/cve-2025-64430
Patch
https://github.com/parse-community/parse-server/releases