7 matches found
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2020-15270 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2020-15270 Source advisory: OSV:GHSA-2XM2-XJ2Q-QGPJ...
CVE-2020-15270
creationtimestamp| type| source ---|---|--- 2020-10-23 02:52:44+00:00| seen| https://t.me/cibsecurity/15542...
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
CVE-2020-15270
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...
CVE-2020-15270
Parse Server (parse-server) Vulnerability CVE-2020-15270: the Live Query mechanism allowed broadcasting subscription objects to clients with invalid/expired sessions because the session token validation was not enforced after the WebSocket connection was established. The issue is described in mul...
CVE-2020-15270 Improper session expiration in Parse Server
Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...