QSearchQSearch

CVE-2021-39187

7.5 HIGH

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js

Published: 2021-09-02 · Last updated: 2026-06-17

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-74, CWE-755

Affected products

VendorProduct
parseplatformparse-server

Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes when if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-43930 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js (5.9 MEDIUM)
  • CVE-2021-41109 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js (7.5 HIGH)
  • CVE-2021-39138 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js (4.8 MEDIUM)

Same CWE

  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
  • CVE-2026-12188 A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)