CVE Catalog

CVE-2021-47986

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability in Parse Server before version 4.10.0 stems from incorrect version tags pushed to the repository, pointing to unreviewed code from a personal fork. Attackers could exploit these tags in dependency declarations to execute unreviewed and potentially malicious code.

Risk Assessment

The organization may be exposed to unauthorized code execution in the production environment, potentially leading to data integrity compromise, information leakage, or system takeover.

Recommendation

Immediately update Parse Server to version 4.10.0 or later, verify the integrity of used dependencies, and avoid using unofficial forks.

Original NVD description (English source)

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS