Description
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user’s password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all.
Recommendation
Update the parse package to the latest compatible version. Version details follow:
- Affected version(s): < 2.10.0
- Patched version(s): 2.10.0
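Upgrading stops new writes, but a record cached by an affected version may still hold the password in the browser. The following is an added example, not code from the Parse SDK or from this advisory: it checks a version string against the patched release and removes a leftover password field from cached user records. The key suffix "/currentUser", the field name "password" and the helper makeStorage are assumptions made for illustration.

```javascript
// Added example (not the SDK's code): find and scrub cached plaintext passwords.
// Assumptions: the user record is cached as JSON under a key ending in
// "/currentUser" and the leaked field is named "password".
const PATCHED = [2, 10, 0]; // advisory: fixed in 2.10.0

// True when a version string is below the patched release (pre-release suffix ignored).
function isAffectedVersion(version) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return false;
}

// Return storage keys whose JSON value still carries a password field.
function findCachedPasswords(storage, keySuffix = '/currentUser') {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (!key.endsWith(keySuffix)) continue;
    let record;
    try { record = JSON.parse(storage.getItem(key)); } catch { continue; }
    if (record && typeof record === 'object' && 'password' in record) hits.push(key);
  }
  return hits;
}

// Rewrite each affected record without the password; returns the keys cleaned.
function scrubCachedPasswords(storage, keySuffix = '/currentUser') {
  const hits = findCachedPasswords(storage, keySuffix);
  for (const key of hits) {
    const record = JSON.parse(storage.getItem(key));
    delete record.password;
    storage.setItem(key, JSON.stringify(record));
  }
  return hits;
}

// Constructed in-memory stand-in for window.localStorage, so this runs in Node.
function makeStorage(init) {
  const m = new Map(Object.entries(init));
  return {
    get length() { return m.size; },
    key: (i) => [...m.keys()][i] ?? null,
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}
```

In a browser, pass window.localStorage instead of the stand-in; scrubbing the cache does not replace rotating a password that was already exposed.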
References
Related Issues
- parse is vulnerable to prototype pollution - CVE-2025-57324
- Prototype Pollution in node-forge - CVE-2020-7720
- nuxt Code Injection vulnerability - CVE-2023-3224
- QooxDoo XSS in Callback Parameter - CVE-2011-1714
Tags: npm, parse
Last updated on January 09, 2023