CVE-2021-47987

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.

Vulnerability Details

Published Date

June 25, 2026

Last Modified

June 25, 2026

CWE ID

CWE-494

Source

NVD

Vendor

parse-community

Product

parse-server

External References

https://github.com/parse-community/parse-server/security/advisories/GHSA-593v-wcqx-hq2w
https://www.vulncheck.com/advisories/parse-server-arbitrary-code-execution-via-malicious-version-tags

CVE-2021-47987

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment