CVE-2026-34574 in parse-community parse-server정보

요약 (영어)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields (expiresAt, createdWith) by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length policies. This issue has been patched in versions 8.6.69 and 9.7.0-alpha.14.

책임이 있는

GitHub_M

예약하다

2026. 03. 30.

공개

2026. 03. 31.

엔트리

VulDB provides additional information and datapoints for this CVE:

아이디	취약성	CWE	악용	대책	CVE
354421	parse-community parse-server Session Update 권한 상승	697	정의되지 않음	공식 수정	CVE-2026-34574

설명

CPE

CWE

CVSS

익스플로잇

역사

차이

연결하다

위협 인텔리전스

API JSON

API XML

API CSV

◂ 이전개요다음 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!