Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is distributed as the npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping the password after authentication to prevent cleartext password storage.
References (4)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/parse-community/parse-server/security/advisories/GHSA-4w46-w44m-3jq3
Patch, Third Party Advisory x_refsource_misc
https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/parse-community/parse-server/releases/tag/4.5.0
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/parse-server
Scores
CVSS v3
7.7
EPSS
0.0016
EPSS Percentile
36.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Details
CWE
CWE-312
Status
published
Products (2)
npm/parse-server
0 - 4.5.0 (npm)
parseplatform/parse-server
< 4.5.0
Published
Dec 30, 2020
Tracked Since
Feb 18, 2026