Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable t upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-06-30T16:40:13
Updated: 2024-08-03T07:11:39.403Z
Reserved: 2022-05-18T00:00:00
Link: CVE-2022-31112
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-30T17:15:07.977
Modified: 2024-11-21T07:03:55.237
Link: CVE-2022-31112
Redhat
No data.