CVE-2025-62374 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attack…
Medium CVSS: 6.4

CVE-2025-62374

Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.
Vendor
-
Product
-
CWE
CWE-1321
Yayın Tarihi
2025-10-14 20:15:53
Güncelleme
2025-10-16 15:29:11
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-1321 MEDIUM 2025

Referanslar

https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132 https://github.com/parse-community/Parse-SDK-JS/pull/2749 https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1 https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3