8.2
CVE-2026-32886
- EPSS 0.03%
- Veröffentlicht 18.03.2026 21:42:27
- Zuletzt bearbeitet 19.03.2026 17:21:45
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.24 and 8.6.47, remote clients can crash the Parse Server process by calling a cloud function endpoint with a crafted function name that traverses the JavaScript prototype chain of a registered cloud function handler, causing a stack overflow. The fix in versions 9.6.0-alpha.24 and 8.6.47 restricts property lookups during cloud function name resolution to own properties only, preventing prototype chain traversal from stored function handlers. There is no known workaround.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.47
Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.6.0
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha10 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha11 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha12 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha13 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha14 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha15 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha16 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha17 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha18 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha19 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha20 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha21 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha22 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha23 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.079 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 8.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.