parse-community/parse-server

An express module providing a Parse-compatible API server.

Vulnerabilities

 1 via 1 paths

Dependencies

 447

Source

 GitHub

Commit

 5ab974dc

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Severity
  • 1
Status
  • 1
  • 0
  • 0

low severity

Insecure Encryption

  • Vulnerable module: request
  • Introduced through: @parse/push-adapter@3.4.1

Detailed paths

  • Introduced through: parse-server@parse-community/parse-server#5ab974dcd47906efb41edb6c709c4e078cabaa7f @parse/push-adapter@3.4.1 @parse/node-gcm@1.0.2 request@2.88.0

Overview

request is a simplified http request client.

Affected versions of this package are vulnerable to Insecure Encryption due to the usage of the insecure sha1 cipher.

Note: This library is deprecated.

Remediation

A fix was pushed into the master branch but not yet published.

References

Insecure Encryption vulnerability report