Parseplatform: >> Parse-Server >> 2.7.0 Security Vulnerabilities
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
CVSS Score
7.7
EPSS Score
0.003
Published
2020-03-04
parse-server before 3.4.1 allows DoS after any POST to a volatile class.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-29
parse-server before 3.6.0 allows account enumeration.
CVSS Score
5.3
EPSS Score
0.002
Published
2019-07-29