CNNVD-202511-897 Information

CNNVD ID

CNNVD-202511-897

CVE-2025-64502

  • CNNVD Published: 2025-11-10

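Description (translated from Chinese)

Parse Server is an open-source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Versions of Parse Server before 8.5.0-alpha.5 have a security vulnerability caused by allowing any client to execute explain queries without the master key, which can lead to disclosure of database structure information.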

Description (English)

Parse Server is an open-source backend from Parse Platform that can be deployed to any infrastructure that can run Node.js. Prior to Parse Server 8.5.0-alpha.5, a vulnerability allowed any client to execute an explain query without the master key, which could lead to the disclosure of database structure information.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Parse Platform

Published

2025-11-10

Last Modified

2026-02-24

References

  • https://github.com/parse-community/parse-server/commit/4456b02280c2d8dd58b7250e9e67f1a8647b3452
  • https://github.com/parse-community/parse-server/pull/9890
  • https://github.com/parse-community/parse-server/security/advisories/GHSA-7cx5-254x-cgrq
  • https://access.redhat.com/security/cve/cve-2025-64502

Patch

https://github.com/parse-community/parse-server/releases
