Vulnerabilities > Parseplatform > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-30 | CVE-2023-32689 | Unrestricted Upload of File with Dangerous Type vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.5 |
| 2022-06-27 | CVE-2022-31089 | Use of Incorrectly-Resolved Name or Reference vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 5.0 |
| 2022-05-04 | CVE-2022-24901 | Improper Certificate Validation vulnerability in Parseplatform Parse-Server Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. | 5.0 |
| 2021-09-30 | CVE-2021-41109 | Information Exposure vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 4.3 |
| 2021-09-02 | CVE-2021-39187 | Improper Handling of Exceptional Conditions vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 5.0 |
| 2021-08-19 | CVE-2021-39138 | Incorrect Authorization vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 6.4 |
| 2020-12-30 | CVE-2020-26288 | Cleartext Storage of Sensitive Information vulnerability in Parseplatform Parse-Server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. | 4.0 |
| 2020-10-22 | CVE-2020-15270 | Operation on a Resource after Expiration or Release vulnerability in Parseplatform Parse-Server Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. | 4.0 |
| 2020-07-22 | CVE-2020-15126 | Incorrect Authorization vulnerability in Parseplatform Parse Server In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object. | 4.0 |
| 2020-03-04 | CVE-2020-5251 | Incorrect Authorization vulnerability in Parseplatform Parse-Server In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. | 5.0 |