What is CVE-2022-31112?

CVE-2022-31112 is a high-severity vulnerability in Parse-community Parse-server, classified under Information Disclosure. CVSS score: 8.2/10. Published 2022-06-30.

How severe is CVE-2022-31112?

High severity. CVSS v3 base score is 8.2 out of 10.

Information disclosure in Parse-community Parse-server

CVE-2022-31112

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryContr…

Vulnerability class: Information Disclosure

EPSS: 0.006 (69.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N.

Affected products

Parse-community Parse-server — versions < 4.10.13, >= 5.0.0, < 5.2.4

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh (x_refsource_CONFIRM)
github.com/parse-community/parse-server/issues/8073 (x_refsource_MISC)
github.com/parse-community/parse-server/pull/8074 (x_refsource_MISC)
github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f150… (x_refsource_MISC)
github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43… (x_refsource_MISC)
github.com/parse-community/parse-server/releases/tag/5.2.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31112?: CVE-2022-31112 is a high-severity vulnerability in Parse-community Parse-server, classified under Information Disclosure. CVSS score: 8.2/10. Published 2022-06-30.
How severe is CVE-2022-31112?: High severity. CVSS v3 base score is 8.2 out of 10.