Vulnerabilities > Parseplatform > Parse Server > 2.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-22 | CVE-2020-15270 | Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. | 4.3 |
2020-03-04 | CVE-2020-5251 | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.3 |
2019-07-29 | CVE-2019-1020013 | Information Exposure Through an Error Message vulnerability in Parseplatform Parse-Server parse-server before 3.6.0 allows account enumeration. | 5.3 |
2019-07-29 | CVE-2019-1020012 | HTTP Request Smuggling vulnerability in Parseplatform Parse-Server parse-server before 3.4.1 allows DoS after any POST to a volatile class. | 7.5 |