Skip to content

test: Add test to reproduce the issue 8317 #8318

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 7 commits into from
Closed

test: Add test to reproduce the issue 8317 #8318

wants to merge 7 commits into from

Conversation

AlbinIzi
Copy link

New Pull Request Checklist

Issue Description

Related issue: #8317

Approach

TODOs before merging

  • Add tests
  • Add changes to documentation (guides, repository pages, in-code descriptions)
  • Add security check
  • Add new Parse Error codes to Parse JS SDK
  • A changelog entry is created automatically using the pull request title (do not manually add a changelog entry)

mtrezza and others added 7 commits November 7, 2022 23:03
@mtrezza
fix: Remote code execution via MongoDB BSON parser through prototype …
50eed3c 
…pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8295)
@semantic-release-bot
chore(release): 5.3.1 [skip ci]
2458a8c 
## [5.3.1](parse-community/parse-server@5.3.0...5.3.1) (2022-11-07)

### Bug Fixes

* Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) ([parse-community#8295](parse-community#8295)) ([50eed3c](parse-community@50eed3c))
@mtrezza
fix: Parse Server option requestKeywordDenylist can be bypassed via…
6728da1 
… Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8302)
@semantic-release-bot
chore(release): 5.3.2 [skip ci]
3e983c4 
## [5.3.2](parse-community/parse-server@5.3.1...5.3.2) (2022-11-09)

### Bug Fixes

* Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) ([parse-community#8302](parse-community#8302)) ([6728da1](parse-community@6728da1))
@mtrezza
fix: Prototype pollution via Cloud Code Webhooks; fixes security vuln…
60c5a73 
…erability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8305)
@semantic-release-bot
chore(release): 5.3.3 [skip ci]
fd8a11b 
## [5.3.3](parse-community/parse-server@5.3.2...5.3.3) (2022-11-09)

### Bug Fixes

* Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) ([parse-community#8305](parse-community#8305)) ([60c5a73](parse-community@60c5a73))
@AlbinIzi
test: add test to reproduce the issue 8317
4a0e192
@parse-github-assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant
Copy link

The branch release can only be set as base branch by members of @parse-community/core-maintainers.

Pull requests are usually opened against the default branch alpha, which is the working branch. Different repositories may have base branches with different names. If you are sure you need to open this pull request against a different branch, please ask someone from the team mentioned above.

@parse-github-assistant parse-github-assistant bot changed the title test: add test to reproduce the issue 8317 test: Add test to reproduce the issue 8317 Nov 15, 2022
@parse-github-assistant parse-github-assistant bot changed the base branch from release to alpha November 15, 2022 11:47
@parse-github-assistant
Copy link

parse-github-assistant bot commented Nov 15, 2022
edited
Loading

Thanks for opening this pull request!

  • 🎉 We are excited about your hands-on contribution!

@AlbinIzi AlbinIzi changed the base branch from alpha to release November 15, 2022 11:47
@parse-github-assistant
Copy link

The branch release can only be set as base branch by members of @parse-community/core-maintainers.

Pull requests are usually opened against the default branch alpha, which is the working branch. Different repositories may have base branches with different names. If you are sure you need to open this pull request against a different branch, please ask someone from the team mentioned above.

@parse-github-assistant parse-github-assistant bot changed the base branch from release to alpha November 15, 2022 11:47
@AlbinIzi AlbinIzi closed this Nov 15, 2022
@AlbinIzi AlbinIzi deleted the test/8317-cannot-create-new-role branch November 15, 2022 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AlbinIzi @mtrezza @semantic-release-bot