Vulnerability Database
296,663
Total vulnerabilities in the database
CVE-2025-62374
Summary
Prototype pollution capabilities on various APIs.
Details
Injection of malicious payload allows attacker to remotely execute arbitrary code. Parse.Object and internal APIs are affected, specifically:
ParseObject.fromJSONParseObject.pinParseObject.registerSubclassObjectStateMutations(internal)encode/decode(internal)
PoC
Demonstrative tests added as part of the fix.
References
- https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3
- Patch https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1
| Software | From | Fixed in |
|---|---|---|
@fast-csv / parse
|
- | 7.0.0 |
- https://github.com/parse-community/Parse-SDK-JS/commit/00973987f361368659c0c4dbf669f3897520b132
- https://github.com/parse-community/Parse-SDK-JS/pull/2749
- https://github.com/parse-community/Parse-SDK-JS/releases/tag/7.0.0-alpha.1
- https://github.com/parse-community/Parse-SDK-JS/security/advisories/GHSA-9f2h-7v79-mxw3
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime