VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-snjw-mw25-z7bg

Essentials
Severities (25)
References (11)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-snjw-mw25-z7bg
Aliases	CVE-2022-41879 GHSA-93vw-8fm5-p2jf GMS-2022-6745
Summary	Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00462	https://api.first.org/data/v1/epss?cve=CVE-2022-41879
epss	0.00462	https://api.first.org/data/v1/epss?cve=CVE-2022-41879
epss	0.00462	https://api.first.org/data/v1/epss?cve=CVE-2022-41879
epss	0.00462	https://api.first.org/data/v1/epss?cve=CVE-2022-41879
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-93vw-8fm5-p2jf
cvssv3.1	7.2	https://github.com/parse-community/parse-server
generic_textual	HIGH	https://github.com/parse-community/parse-server
cvssv3.1	7.2	https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8
generic_textual	HIGH	https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8
cvssv3.1	7.2	https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4
generic_textual	HIGH	https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4
cvssv3.1	7.2	https://github.com/parse-community/parse-server/pull/8305
generic_textual	HIGH	https://github.com/parse-community/parse-server/pull/8305
cvssv3.1	7.2	https://github.com/parse-community/parse-server/pull/8306
generic_textual	HIGH	https://github.com/parse-community/parse-server/pull/8306
cvssv3.1	7.2	https://github.com/parse-community/parse-server/releases/tag/4.10.20
generic_textual	HIGH	https://github.com/parse-community/parse-server/releases/tag/4.10.20
cvssv3.1	7.2	https://github.com/parse-community/parse-server/releases/tag/5.3.3
generic_textual	HIGH	https://github.com/parse-community/parse-server/releases/tag/5.3.3
cvssv3.1	7.2	https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf
cvssv3.1_qr	HIGH	https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf
generic_textual	HIGH	https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf
ssvc	Track	https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf
cvssv3.1	7.2	https://nvd.nist.gov/vuln/detail/CVE-2022-41879
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-41879

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-41879
		https://github.com/parse-community/parse-server
		https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8
		https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4
		https://github.com/parse-community/parse-server/pull/8305
		https://github.com/parse-community/parse-server/pull/8306
		https://github.com/parse-community/parse-server/releases/tag/4.10.20
		https://github.com/parse-community/parse-server/releases/tag/5.3.3
CVE-2022-41879		https://nvd.nist.gov/vuln/detail/CVE-2022-41879
GHSA-93vw-8fm5-p2jf		https://github.com/advisories/GHSA-93vw-8fm5-p2jf
GHSA-93vw-8fm5-p2jf		https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/commit/60c5a73d257e0d536056b38bdafef8b7130524d8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/commit/6c63f04ba37174021082a5b5c4ba1556dcc954f4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/pull/8305

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/pull/8306

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/releases/tag/4.10.20

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/releases/tag/5.3.3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:46:47Z/ Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41879

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.64675
EPSS Score	0.00462
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T17:40:49.311571+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2022/41xxx/CVE-2022-41879.json	38.6.0