Severity
High
Analysis Summary
CVE-2022-31112
Node.js parse-server module could allow a remote attacker to obtain sensitive information, caused by not removing protected fields in classes when passing to the client. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-31112
Affected Vendors
Node.js
Affected Products
Node.js parse-server 4.10.12
Node.js parse-server 5.2.3
Remediation
Refer to Parse Server GIT Repository for patch, upgrade or suggested workaround information.