GMS-2022-6626: Duplicate of ./npm/parse-server/CVE-2022-41878.yml
Keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the requestKeywordDenylist option.
References
- github.com/advisories/GHSA-xprv-wvh7-qqqx
- github.com/parse-community/parse-server/commit/0a2d412e265992d53a670011afd9d2578562adc3
- github.com/parse-community/parse-server/commit/6728da1e3591db1e27031d335d64d8f25546a06f
- github.com/parse-community/parse-server/pull/8301
- github.com/parse-community/parse-server/pull/8302
- github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx
Code Behaviors & Features
Detect and mitigate GMS-2022-6626 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →