CVE-2021-47986
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A vulnerability in Parse Server before version 4.10.0 stems from incorrect version tags pushed to the repository, pointing to unreviewed code from a personal fork. Attackers could exploit these tags in dependency declarations to execute unreviewed and potentially malicious code.
Risk Assessment
The organization may be exposed to unauthorized code execution in the production environment, potentially leading to data integrity compromise, information leakage, or system takeover.
Recommendation
Immediately update Parse Server to version 4.10.0 or later, verify the integrity of used dependencies, and avoid using unofficial forks.
Original NVD description (English source)
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.

