CVE-2024-47183

CVSS V2 None CVSS V3 None
Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. This vulnerability is fixed in 6.5.9 and 7.3.0.
Overview
  • CVE ID
  • CVE-2024-47183
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-04T15:06:45.274Z
  • Last Modified Date
  • 2024-10-04T15:30:37.224Z
History
Created Old Value New Value Data Type Notes
2024-10-07 03:38:15 Added to TrackCVE