CVE-2021-47987
published 2026-06-25
Priority: P3 · 45 · high · 7.5 (CVSS 3.1)
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.12% (2.2th percentile)
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
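A check for the exposure condition described above, as an added example that is not part of the advisory or the Parse Server project: it lists git-based parse-server dependencies in a package.json and marks those whose ref is not a full commit SHA. The function name, the sample manifest and the commit hash in it are constructed; the list of affected tags is not on this page, so every tag or branch ref is reported for comparison against the advisory.

```javascript
// Added example: find git-based parse-server dependencies in a package.json object.
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];
// Git-based specs: git/git+https/git+ssh URLs, "github:" shorthand,
// https URLs ending in .git, and the bare "owner/repo" GitHub shorthand.
const GIT_SPEC = /^(git(\+(https?|ssh|file))?:|github:|https?:\/\/[^#]+\.git(#|$)|[\w.-]+\/[\w.-]+(#|$))/i;
const FULL_SHA = /^[0-9a-f]{40}$/i;

function findGitParseServerDeps(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      // Registry versions such as "4.9.3" are skipped: no releases carried the tags.
      if (typeof spec !== "string" || !GIT_SPEC.test(spec)) continue;
      const [source, ref = ""] = spec.split("#");
      // Match on the repository name (any owner), since the dependency key can be aliased.
      if (!/(^|[\/:])parse-server(\.git)?$/i.test(source)) continue;
      // A tag, branch or missing ref is mutable; only a full commit SHA is fixed.
      findings.push({ section, name, spec, ref, mutableRef: !FULL_SHA.test(ref) });
    }
  }
  return findings;
}

// Constructed sample manifest (versions and commit hash are placeholders).
const SAMPLE_PKG = {
  dependencies: {
    "parse-server": "parse-community/parse-server#4.9.3",
    "parse": "^3.3.0",
  },
  devDependencies: {
    "ps-pinned":
      "git+https://github.com/parse-community/parse-server.git#0123456789abcdef0123456789abcdef01234567",
    "express": "4.17.1",
  },
};

for (const f of findGitParseServerDeps(SAMPLE_PKG)) {
  const note = f.mutableRef ? "mutable ref, compare with advisory tags" : "pinned to commit";
  console.log(`${f.section}.${f.name}: ${f.spec} (${note})`);
}
```

A finding with `mutableRef` set means the installed code depended on where that tag or branch pointed at install time, so the commit recorded in the lockfile is the thing to review.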
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| parse-community | parse-server | < 4.10.0 | 4.10.0 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 7.7 | HIGH | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
vuldb·2026-06-26·CVSS 7.5
CVE-2021-47987 [HIGH] parse-community parse-server up to 4.9.x code download (GHSA-593v-wcqx-hq2w)
A vulnerability was found in parse-community parse-server up to 4.9.x. It has been rated as problematic. This issue affects some unknown processing. This manipulation causes download of code without integrity check.
The identification of this vulnerability is CVE-2021-47987. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is advised.
GHSA
ghsa_unreviewed·2026-06-26
CVE-2021-47987 [HIGH] CWE-494 Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it defined a git-based dependency referencing one of the affected tags (for example, parse-server#4.9.3). The code behind the tags was not reviewed or approved, and although no malicious code was identified, the introduction of security vulnerabilities could not be ruled out.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.