mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
Add CVE-2022-31112 for GHSA-crrq-vr9j-fxxh
Add CVE-2022-31112 for GHSA-crrq-vr9j-fxxh
This commit is contained in:
parent
846a8bcc7a
commit
db7ce41784
@ -1,18 +1,111 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security-advisories@github.com",
|
||||
"ID": "CVE-2022-31112",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"STATE": "PUBLIC",
|
||||
"TITLE": "Protected fields exposed via LiveQuery in parse-server"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "parse-server",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "< 4.10.13"
|
||||
},
|
||||
{
|
||||
"version_value": ">= 5.0.0, < 5.2.4"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "parse-community"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields."
|
||||
}
|
||||
]
|
||||
},
|
||||
"impact": {
|
||||
"cvss": {
|
||||
"attackComplexity": "LOW",
|
||||
"attackVector": "NETWORK",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 8.2,
|
||||
"baseSeverity": "HIGH",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"userInteraction": "NONE",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
||||
"version": "3.1"
|
||||
}
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/issues/8073",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/parse-community/parse-server/issues/8073"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/pull/8074",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/parse-community/parse-server/pull/8074"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/parse-community/parse-server/releases/tag/5.2.4",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/parse-community/parse-server/releases/tag/5.2.4"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"advisory": "GHSA-crrq-vr9j-fxxh",
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user