CVE-2021-47986
Published 2026-06-25
CVE-2021-47986: Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a…
Priority P3 44 high 7.5 CVSS 3.1
AV:N / AC:H / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.12% (2.2th percentile)
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parse-community | parse-server | < 4.10.0 | 4.10.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.7 | HIGH | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
parse-community parse-server up to 4.9.x code download (GHSA-593v-wcqx-hq2w)
vuldb·2026-06-26·CVSS 7.5
CVE-2021-47986 [HIGH] parse-community parse-server up to 4.9.x code download (GHSA-593v-wcqx-hq2w)
A vulnerability was found in parse-community parse-server up to 4.9.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation results in download of code without integrity check.
This vulnerability was named CVE-2021-47986. The attack may be performed from remote. There is no available exploit.
It is recommended to upgrade the affected component.
GHSA
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork.
ghsa_unreviewed·2026-06-26
CVE-2021-47986 [HIGH] CWE-494 Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork.
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-25