CVE-2021-39187: Improper Handling of Exceptional Conditions

September 2, 2021 (updated August 5, 2022)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes if a query request contains an invalid value for the explain option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch.

References

nvd.nist.gov/vuln/detail/CVE-2021-39187

Code Behaviors & Features

Detect and mitigate CVE-2021-39187 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →