Vulnerabilities > Parseplatform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-39187 | Improper Handling of Exceptional Conditions vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 7.5 |
| 2021-08-19 | CVE-2021-39138 | Incorrect Authorization vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.5 |
| 2020-12-30 | CVE-2020-26288 | Cleartext Storage of Sensitive Information vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.5 |
| 2020-10-22 | CVE-2020-15270 | Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. | 4.3 |
| 2020-07-22 | CVE-2020-15126 | Incorrect Authorization vulnerability in Parseplatform Parse Server In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. | 6.5 |
| 2020-03-04 | CVE-2020-5251 | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.3 |
| 2019-07-29 | CVE-2019-1020013 | Information Exposure Through an Error Message vulnerability in Parseplatform Parse-Server parse-server before 3.6.0 allows account enumeration. | 5.3 |
| 2019-07-29 | CVE-2019-1020012 | HTTP Request Smuggling vulnerability in Parseplatform Parse-Server parse-server before 3.4.1 allows DoS after any POST to a volatile class. | 7.5 |