CVE-2023-41058

Summary

CVE-2023-41058 affects Parse Server, an open-source backend server. In certain query conditions, the `beforeFind` trigger in `Parse.Query` is not invoked, creating a vulnerability for deployments utilizing this trigger as a security measure. This issue, which has been remedied by refactoring the internal query pipeline and patching the `beforeFind` trigger, was addressed in commit `be4c7e23c6`. Releases 6.2.2 and 5.5.5 include this fix. To mitigate risk until upgrade, users should employ Parse Server's security features, such as Class-Level Permissions and Object-Level Access Control.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.