🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.
mtrezza changed the title from "Sensitive keyword detection may result in false positives" to "Sensitive keyword detection may produce false positives" on Mar 24, 2022
New Issue Checklist
Issue Description
A security feature that rejects requests containing sensitive keywords was introduced in #7843. The detection algorithm has a bug that may produce false positives in certain cases, blocking valid, non-malicious requests and sending a 4xx HTTP error code.
The bug does not produce false negatives, which means the security protection is still intact.
Steps to reproduce
Configure Parse Server with option requestKeywordDenylist: [{ key: 'abc' }].
Actual Outcome
The second obj.save() will be rejected.
Expected Outcome
The second obj.save() should be resolved.
Environment
Server