refactor: Prototype pollution via Cloud Code Webhooks #8307
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I will reformat the title to use the proper commit message syntax. |
Thanks for opening this pull request!
|
mtrezza
changed the title
mtrezza
changed the title
Codecov ReportBase: 94.13% // Head: 94.13% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## beta #8307 +/- ##
==========================================
- Coverage 94.13% 94.13% -0.01%
==========================================
Files 182 182
Lines 13785 13785
==========================================
- Hits 12977 12976 -1
- Misses 808 809 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
|
🎉 This change has been released in version 5.4.0 |
|
🎉 This change has been released in version 5.4.0 |
mtrezza
added a commit
to mtrezza/parse-server
that referenced
this pull request
Jan 31, 2023
* release: docs: remove "skip release" entries from changelog chore(release): 5.4.0 [skip ci] refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8307) chore(release): 5.3.3 [skip ci] fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8305) chore(release): 5.3.2 [skip ci] refactor: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8303) fix: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8302) refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8298) chore(release): 5.3.1 [skip ci] fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8295)
mtrezza
added a commit
to mtrezza/parse-server
that referenced
this pull request
Jan 31, 2023
* beta: docs: remove "skip release" entries from changelog chore(release): 5.4.0 [skip ci] refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8307) chore(release): 5.3.3 [skip ci] fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8305) chore(release): 5.3.2 [skip ci] refactor: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8303) fix: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8302) refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8298) chore(release): 5.3.1 [skip ci] fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8295)
|
🎉 This change has been released in version 6.0.0-alpha.31 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes security vulnerability GHSA-93vw-8fm5-p2jf