OSV:CVE-2020-15270 (Google OSV)
History: Oct 22, 2020 - 10:15 p.m.

CVE-2020-15270

Published: 2020-10-22 22:15:12
Source: Google (osv.dev)
Tags: cve-2020-15270, parse server, npm package, events, session token, validity, clients, expired sessions, subscription objects, patch

AI Score: 6.7 (Confidence: High)

EPSS: 0.001 (Percentile: 25.8%)

Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched.
