admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-36475.md
0xMarcio 8932a8488d Update CVE sources 2024-06-08 09:32
2024-06-08 09:32:58 +00:00

920 B
Raw Permalink Blame History

CVE-2023-36475

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.

POC

Reference

No PoCs from references.

Github