Description
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as plaintext, which exposes it to anyone with access to your localStorage. We believe this is the only time that the password is stored at all.
Recommendation
Update the parse package to the latest compatible version. Version details:
- Affected version(s): < 2.10.0
- Patched version(s): 2.10.0
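To check whether a browser profile holds a cached user entry with a plaintext password, the following added example (not code from the Parse SDK or from this advisory) scans a Storage-like object and removes the field. It assumes the SDK caches the current user as JSON under a key shaped like `Parse/<applicationId>/currentUser`; `makeMemoryStorage`, `findStoredPasswords` and `scrubStoredPasswords` are hypothetical helper names, and the sample data is constructed.

```javascript
// Assumption: the SDK caches the current user as JSON under a key shaped
// like "Parse/<applicationId>/currentUser". All helper names are hypothetical.
const CURRENT_USER_KEY = /^Parse\/.+\/currentUser$/;

// Minimal in-memory stand-in for window.localStorage so this runs in Node.
function makeMemoryStorage(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    get length() { return data.size; },
    key: (i) => Array.from(data.keys())[i] ?? null,
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Return the keys whose cached user JSON contains a "password" property.
function findStoredPasswords(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    if (!CURRENT_USER_KEY.test(key)) continue;
    try {
      const user = JSON.parse(storage.getItem(key));
      if (user && typeof user === 'object' && 'password' in user) hits.push(key);
    } catch (_) { /* value is not JSON: skip it */ }
  }
  return hits;
}

// Delete the password field from each affected entry; returns the keys rewritten.
function scrubStoredPasswords(storage) {
  const hits = findStoredPasswords(storage);
  for (const key of hits) {
    const user = JSON.parse(storage.getItem(key));
    delete user.password;
    storage.setItem(key, JSON.stringify(user));
  }
  return hits;
}

// Constructed sample data, not real credentials.
const sample = makeMemoryStorage({
  'Parse/exampleAppId/currentUser': JSON.stringify({
    className: '_User', username: 'alice', password: 'constructed-secret' }),
  theme: 'dark',
});
console.log('affected:', findStoredPasswords(sample));
console.log('scrubbed:', scrubStoredPasswords(sample));
console.log('remaining:', findStoredPasswords(sample));
```

In a browser, pass `window.localStorage` in place of the in-memory stand-in.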
Tags: npm, parse
Last updated on January 09, 2023