CNNVD-202512-2783 Information
CNNVD ID
CNNVD-202512-2783
Related CVE
- CNNVD Published: 2025-12-16
Description (Chinese)
Parse Server是Parse Platform开源的一个开源后端,可以部署到任何可以运行 Node.js 的基础设施。 Parse Server 8.6.2之前版本和9.1.1-alpha.1之前版本存在代码问题漏洞,该漏洞源于Instagram身份验证适配器存在SSRF漏洞,可能导致身份验证绕过。
Description (English)
Parse Server is an open source back end of the Parse Platform open source and can be deployed to any infrastructure that can operate Node.js. Prior to Parse Server 8.6.2 and before 9.1.1-alpha.1, there was a code problem loophole, which stemmed from the SSRF gap in the Instagram identification adaptor, which could lead to a circumvention of the authentication.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
Parse Platform
Published
2025-12-16
Last Modified
2026-02-24
References
https://github.com/parse-community/parse-server/pull/9988 https://github.com/parse-community/parse-server/pull/9989 https://github.com/parse-community/parse-server/security/advisories/GHSA-3f5f-xgrj-97pf
Patch
https://github.com/parse-community/parse-server/releases
Share on: