parse-server – Supply Chain Incident (CVE-2021-47987)
Scope: parse-server, Git-Based Dependencies Referencing Unreviewed Tag v4.9.3
Severity: Medium
A supply chain incident affected parse-server when a contributor with write access to the repository pushed version tags, including v4.9.3, that pointed at commits from an unreviewed personal fork rather than at reviewed commits on the upstream branch. No malicious code has been confirmed in those commits, but code that has not been through the project's review process and is pulled into a production build can carry a silent backdoor, a security bypass, or plain instability. The advisory's scope is installs that pull parse-server through a git-based dependency specifier (a github: or git+ URL in package.json) rather than from the npm registry: a git tag is a mutable pointer, so such a specifier fetches whatever the tag referenced at install time, and pipelines that built while the tag was mispointed may have deployed untrusted code, with consequences for the confidentiality and integrity of the runtime environment.
Affected organizations should upgrade to parse-server 4.10.0 or later immediately, then audit every project's package.json and lockfile (package-lock.json, yarn.lock) for git-based parse-server specifiers, using Software Composition Analysis (SCA) tooling where available. Note that a git-installed package reports the version string from its own package.json, so a scanner keyed on version numbers alone will not distinguish a forked tree from the upstream release; the resolved URL and commit recorded in the lockfile must be checked as well. Any git-based dependency that remains should reference the official upstream repository and be pinned to a full commit SHA that is reachable from an upstream release branch (a tag can be moved, a commit hash cannot), with signed tags or commits verified where the project provides them.
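The following is an added example of the lockfile audit recommended above; it is not code from parse-server, the Parse Community, or CERT.UG/CC. It parses the git specifier forms npm writes into package.json and package-lock.json and flags any git-based dependency that either does not point at the upstream repository on an allowlist (here only parse-server is listed, as an assumption; extend it for your own projects) or is pinned to a tag or branch instead of a full commit SHA. The package.json and package-lock.json contents are constructed sample input, not files from a real project.

```javascript
// Added example for this advisory (not parse-server's or CERT.UG/CC's code):
// audit npm dependency specifiers for the two conditions the advisory warns
// about, a git-based dependency that (a) does not point at the approved
// upstream repository for that package or (b) is pinned to a mutable ref
// (tag or branch) instead of a full commit SHA. Sample files are constructed.

// Assumed allowlist: package name -> official repository. Any other git-based
// dependency is reported as "no approved upstream on record" for manual review.
const OFFICIAL_REPOS = { "parse-server": "github.com/parse-community/parse-server" };
const COMMIT_SHA = /^[0-9a-f]{40}$/;

// Parse an npm git specifier into {repo, ref}; return null for registry specs.
// Handles the forms npm writes: "github:owner/repo#ref",
// "git+https://host/owner/repo.git#ref", "git+ssh://git@host/owner/repo.git#ref".
function parseGitSpec(spec) {
  const hash = spec.indexOf("#");
  const base = hash === -1 ? spec : spec.slice(0, hash);
  const ref = hash === -1 ? "" : spec.slice(hash + 1);
  let m;
  if ((m = /^github:([^/#]+)\/([^/#]+)$/.exec(base))) {
    return { repo: `github.com/${m[1]}/${m[2].replace(/\.git$/, "")}`, ref };
  }
  if ((m = /^git\+(?:https?|ssh):\/\/(?:[^@/]+@)?([^/:]+)[/:]([^/]+)\/([^/]+)$/.exec(base))) {
    return { repo: `${m[1]}/${m[2]}/${m[3].replace(/\.git$/, "")}`, ref };
  }
  return null;
}

// Classify one dependency. `findings` is empty when the git spec is acceptable.
function auditSpec(name, spec) {
  const git = parseGitSpec(spec);
  if (!git) return { name, spec, git: false, findings: [] };
  const findings = [];
  const official = OFFICIAL_REPOS[name];
  if (!official) {
    findings.push(`no approved upstream repository on record for ${name} (${git.repo})`);
  } else if (git.repo !== official) {
    findings.push(`repository ${git.repo} is not the official upstream ${official}`);
  }
  if (!COMMIT_SHA.test(git.ref)) {
    findings.push(`ref "${git.ref || "(default branch)"}" is a tag or branch, not a commit SHA; tags can be moved`);
  }
  return { name, spec, git: true, repo: git.repo, ref: git.ref, findings };
}

// Audit the specifiers developers wrote (what the next fresh install resolves).
function auditPackageJson(pkg) {
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  return sections.flatMap((s) =>
    Object.entries(pkg[s] || {}).map(([name, spec]) => auditSpec(name, spec)).filter((r) => r.git)
  );
}

// Audit what the lockfile (v2/v3 "packages" map) actually resolved to. npm
// records the commit SHA here, so this surfaces fork URLs; it cannot tell
// whether that SHA is reachable from an upstream branch, which needs git.
function auditPackageLock(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path, entry]) => path !== "" && typeof entry.resolved === "string")
    .map(([path, entry]) =>
      auditSpec(entry.name || path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length), entry.resolved))
    .filter((r) => r.git);
}

// Constructed sample input (not a real project's files).
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    express: "^4.18.2",
    "parse-server": "github:parse-community/parse-server#v4.9.3",
    "parse-dashboard": "git+https://github.com/some-contributor/parse-dashboard.git#my-fix",
  },
};
const SAMPLE_PACKAGE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: SAMPLE_PACKAGE_JSON.dependencies },
    "node_modules/express": { version: "4.18.2", resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz" },
    "node_modules/parse-server": { version: "4.9.3", resolved: `git+ssh://git@github.com/parse-community/parse-server.git#${"a".repeat(40)}` },
    "node_modules/parse-dashboard": { version: "4.1.0", resolved: `git+ssh://git@github.com/some-contributor/parse-dashboard.git#${"b".repeat(40)}` },
  },
};

// One report line per finding, suitable for a CI log.
function report(results) {
  return results.flatMap((r) => r.findings.map((f) => `${r.name}: ${f}`));
}

console.log(report(auditPackageJson(SAMPLE_PACKAGE_JSON)).join("\n"));
console.log(report(auditPackageLock(SAMPLE_PACKAGE_LOCK)).join("\n"));
```

On the sample input the package.json audit flags parse-server for the mutable tag v4.9.3 (the exact failure mode in this advisory) and parse-dashboard for both an unknown repository and a branch ref, while the lockfile audit passes parse-server because npm recorded a commit SHA under the official URL. That last result is the limit of an offline check: to confirm a recorded SHA is genuinely upstream code, fetch the official repository and run `git merge-base --is-ancestor <sha> origin/<release-branch>` (or `git branch -r --contains <sha>`), and use `git verify-tag` or `git verify-commit` where the project signs its tags or commits.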
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the GitHub Security Advisory for Parse Server and apply the necessary updates.