7.5
CVE-2026-30972
- EPSS 0.06%
- Veröffentlicht 10.03.2026 20:48:47
- Zuletzt bearbeitet 11.03.2026 18:42:38
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior o 9.5.2-alpha.10 and 8.6.23, Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint (/batch) processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle multiple requests targeting a rate-limited endpoint into a single batch request to circumvent the configured rate limit. Any Parse Server deployment that relies on the built-in rate limiting feature is affected. This vulnerability is fixed in 9.5.2-alpha.10 and 8.6.23.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.23
Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.5.2
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.5.2 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.186 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-799 Improper Control of Interaction Frequency
The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.