Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
References
Configurations
No configuration.
History
25 Jun 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-25 22:16
Updated : 2026-06-26 20:22
NVD link : CVE-2021-47987
Mitre link : CVE-2021-47987
CVE.ORG link : CVE-2021-47987
Products Affected
No product.
CWE
CWE-494
Download of Code Without Integrity Check
