8.7
CVE-2026-33538
- EPSS 0.41%
- Veröffentlicht 24.03.2026 18:24:51
- Zuletzt bearbeitet 25.03.2026 21:18:30
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server: Denial of service via unindexed database query for unconfigured auth providers
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured providers, each request triggers a full collection scan on the user database. This can be parallelized to saturate database resources. This issue has been patched in versions 8.6.58 and 9.6.0-alpha.52.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 8.6.58
Parseplatform ≫ Parse-server SwPlatformnode.js Version >= 9.0.0 < 9.6.0
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha10 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha11 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha12 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha13 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha14 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha15 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha16 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha17 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha18 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha19 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha20 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha21 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha22 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha23 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha24 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha25 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha26 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha27 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha28 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha29 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha30 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha31 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha32 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha33 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha34 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha35 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha36 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha37 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha38 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha39 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha40 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha41 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha42 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha43 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha44 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha45 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha46 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha47 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha48 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha49 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha50 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha51 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version9.6.0 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.322 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
https://github.com/parse-community/parse-server/security/advisories/GHSA-g4cf-xj29-wqqr
https://github.com/parse-community/parse-server/pull/10270
https://github.com/parse-community/parse-server/pull/10271
https://github.com/parse-community/parse-server/commit/40eb442e02672986730007d0a1edb22c1c4bd357
https://github.com/parse-community/parse-server/commit/fbac847499e57f243315c5fc7135be1d58bb8e54