CVE-2021-47986

Summary

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.

Affected Software

VendorProductVersion RangeStatus
parse-communityparse-server0 < 4.10.0affected
parse-communityparse-server4.10.0unaffected

Weaknesses

  • CWE-494: Download of Code Without Integrity Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References