Vulnerabilities > Parseplatform

DATE CVE VULNERABILITY TITLE RISK
2021-08-19 CVE-2021-39138 Incorrect Authorization vulnerability in Parseplatform Parse-Server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
network
low complexity
parseplatform CWE-863
6.5
2020-12-30 CVE-2020-26288 Unspecified vulnerability in Parseplatform Parse-Server
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.
network
low complexity
parseplatform
6.5
2020-10-22 CVE-2020-15270 Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid.
network
low complexity
parseplatform CWE-672
4.3
2020-07-22 CVE-2020-15126 Incorrect Authorization vulnerability in Parseplatform Parse Server
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object.
network
low complexity
parseplatform CWE-863
6.5
2020-03-04 CVE-2020-5251 Incorrect Authorization vulnerability in Parseplatform Parse-Server
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query.
network
low complexity
parseplatform CWE-863
5.3
2019-07-29 CVE-2019-1020013 Information Exposure Through an Error Message vulnerability in Parseplatform Parse-Server
parse-server before 3.6.0 allows account enumeration.
network
low complexity
parseplatform CWE-209
5.3
2019-07-29 CVE-2019-1020012 HTTP Request Smuggling vulnerability in Parseplatform Parse-Server
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
network
low complexity
parseplatform CWE-444
7.5