CVE-2023-36475

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 28, 2023

Updated: Jul 6, 2023

CWE ID 1321

Summary

CVE-2023-36475 is a vulnerability affecting Parse Server, an open source backend that can be deployed on Node.js infrastructure. Before versions 5.5.2 and 6.2.1, this vulnerability enables an attacker to execute remote code through the MongoDB BSON parser using prototype pollution sinks. This issue can be exploited to gain unauthorized access or execute malicious code on the targeted system. Users are advised to update to version 5.5.2 or 6.2.1 to apply the available patch and mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Parseplatform Parse-server

Affected Vendors

Parseplatform

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rz4DMc
https://www.cve.org/CVERecord?id=CVE-2023-36475
https://nvd.nist.gov/vuln/detail/CVE-2023-36475

Back to Vulnerability Database