
fix: Remote code execution via MongoDB BSON parser through prototype pollution #8296

Merged

Conversation

mtrezza
Member

@mtrezza mtrezza commented Nov 7, 2022

Fixes security vulnerability GHSA-prm5-8g2m-24gg
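The PR title names the vulnerability class but the page itself does not describe the mechanism. The following is an added illustration of that class, prototype pollution through parser-supplied keys, written for this page; it is not Parse Server's or the bson package's code, it does not reproduce the advisory's actual attack path, and the merge routines, the `FORBIDDEN_KEYS` list and the hostile document are all constructed for the demonstration.

```javascript
// Added illustration of prototype pollution via parser-supplied keys.
// Not Parse Server's or bson's code; the merge routine, the key list and
// the input document below are constructed for this example.

// Naive deep merge of a parsed document into an existing object. This is the
// typical sink: it walks every key the parser produced, including "__proto__".
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === undefined || typeof target[key] !== 'object') {
        target[key] = {};
      }
      // For key === "__proto__", target[key] is Object.prototype, so the
      // recursive call writes the attacker's properties onto every object.
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a document reach the prototype chain (assumed list).
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: reject prototype-chain keys outright, write only own
// properties, and build nested containers with no prototype to inherit from.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`rejected prototype-polluting key: ${key}`);
    }
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed input standing in for a document a parser hands back. JSON.parse
// creates an *own* property literally named "__proto__" rather than setting
// the object's prototype, which is exactly what the unsafe merge mishandles.
const HOSTILE_DOCUMENT = JSON.parse(
  '{"name": "alice", "__proto__": {"isAdmin": true}}'
);

// Runs the unsafe merge, records whether an unrelated object was polluted,
// then undoes the pollution so the process is left clean.
function demonstratePollution() {
  const before = ({}).isAdmin;   // undefined on a clean runtime
  mergeUnsafe({}, HOSTILE_DOCUMENT);
  const after = ({}).isAdmin;    // true: every fresh object now has isAdmin
  delete Object.prototype.isAdmin;
  return { before, after, cleaned: ({}).isAdmin };
}

// Runs the hardened merge and reports whether it refused the document
// and whether anything leaked onto Object.prototype.
function demonstrateHardening() {
  try {
    mergeSafe({}, HOSTILE_DOCUMENT);
    return { rejected: false, polluted: ({}).isAdmin === true };
  } catch (e) {
    return { rejected: true, polluted: ({}).isAdmin === true };
  }
}

console.log(demonstratePollution());
console.log(demonstrateHardening());
```

The point to take from the unsafe path is that `target['__proto__']` resolves to `Object.prototype` for any plain object, so a single recursive write turns one parsed document into a process-wide change; whether that becomes code execution depends on what downstream code reads off inherited properties, which this page does not detail.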

@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title fix: release-4.x.x-24gg fix: Release-4.x.x-24gg Nov 7, 2022
@parse-github-assistant

parse-github-assistant bot commented Nov 7, 2022

Thanks for opening this pull request!

  • ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for the essential information needed to review the pull request more quickly.

@codecov

codecov bot commented Nov 7, 2022

Codecov Report

Base: 93.82% // Head: 83.74% // Decreases project coverage by -10.07% ⚠️

Coverage data is based on head (38da42e) compared to base (8580a52).
Patch coverage: 95.23% of modified lines in pull request are covered.

❗ Current head 38da42e differs from pull request most recent head c245589. Consider uploading reports for the commit c245589 to get more accurate results

Additional details and impacted files
@@                Coverage Diff                 @@
##           release-4.x.x    #8296       +/-   ##
==================================================
- Coverage          93.82%   83.74%   -10.08%     
==================================================
  Files                170      170               
  Lines              12502    12553       +51     
==================================================
- Hits               11730    10513     -1217     
- Misses               772     2040     +1268     
Impacted Files                                         Coverage Δ
src/Adapters/Auth/spotify.js                           62.50% <60.00%>  (-17.50%) ⬇️
src/Adapters/Auth/facebook.js                          83.33% <80.00%>  (-3.63%)  ⬇️
src/Adapters/Files/GridFSBucketAdapter.js              93.43% <90.00%>  (+13.92%) ⬆️
src/Controllers/DatabaseController.js                  95.17% <100.00%> (-0.04%)  ⬇️
src/LiveQuery/ParseCloudCodePublisher.js               100.00% <100.00%> (ø)
src/LiveQuery/ParseLiveQueryServer.js                  95.18% <100.00%> (+0.14%)  ⬆️
src/RestQuery.js                                       95.60% <100.00%> (+0.08%)  ⬆️
src/RestWrite.js                                       93.62% <100.00%> (-0.14%)  ⬇️
src/Routers/FilesRouter.js                             91.60% <100.00%> (+4.53%)  ⬆️
...dapters/Cache/RedisCacheAdapter/KeyPromiseQueue.js  0.00% <0.00%>    (-95.46%) ⬇️
... and 17 more


@mtrezza mtrezza changed the title fix: Release-4.x.x-24gg fix: Remote code execution via MongoDB BSON parser through prototype pollution Nov 7, 2022
@mtrezza mtrezza merged commit 47cfeee into parse-community:release-4.x.x Nov 7, 2022
parseplatformorg pushed a commit that referenced this pull request Nov 7, 2022
## [4.10.18](4.10.17...4.10.18) (2022-11-07)

### Bug Fixes

* Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) ([#8296](#8296)) ([47cfeee](47cfeee))
@parseplatformorg
Contributor

🎉 This change has been released in version 4.10.18

@parseplatformorg parseplatformorg added the state:released-4.x.x Released as LTS version label Nov 7, 2022
@mtrezza mtrezza deleted the fix-release-4.x.x-24gg branch November 9, 2022 18:13