Parseplatform: >> Parse-Server >> 4.0.0 Security Vulnerabilities
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.
CVSS Score
7.7
EPSS Score
0.003
Published
2020-03-04