What is CVE-2023-41058?

CVE-2023-41058 is a high-severity vulnerability in Parse-community Parse-server, classified under Always-Incorrect Control Flow Implementation. CVSS score: 7.5/10. Published 2023-09-04.

How severe is CVE-2023-41058?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Parse-community Parse-server

CVE-2023-41058

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger `beforeFind` is not invoked in certain conditions of `Parse.Query`. This can pose a vulnerability for deployments where the `beforeFind` trigger is…

EPSS: 0.003 (50.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Parse-community Parse-server — versions >= 1.0.0, < 5.5.5, >= 6.0.0, < 6.2.2

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q (x_refsource_CONFIRM)
https://github.com/parse-community/parse-server/commit/be4c7e23c63a2fb690685665cebed0de26be05c5 (x_refsource_MISC)
https://docs.parseplatform.org/parse-server/guide/#security (x_refsource_MISC)
https://github.com/parse-community/parse-server/releases/tag/5.5.5 (x_refsource_MISC)
https://github.com/parse-community/parse-server/releases/tag/6.2.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-41058?: CVE-2023-41058 is a high-severity vulnerability in Parse-community Parse-server, classified under Always-Incorrect Control Flow Implementation. CVSS score: 7.5/10. Published 2023-09-04.
How severe is CVE-2023-41058?: High severity. CVSS v3 base score is 7.5 out of 10.