7 matches found

RedhatCVE
added 2025/05/22 4:22 p.m. | 8 views

CVE-2020-15270

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

CVSS 4.3 | AI score 6.7 | EPSS 0.01151
Exploits 0

vulnersOsv
added 2020/10/27 7:15 p.m. | 3 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2020-15270 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2020-15270 Source advisory: OSV:GHSA-2XM2-XJ2Q-QGPJ...

CVSS 4.3 | AI score 5.8 | EPSS 0.01151
Exploits 0

Circl
added 2020/10/23 2:52 a.m. | 4 views

CVE-2020-15270

creationtimestamp | type | source
---|---|---
2020-10-23 02:52:44+00:00 | seen | https://t.me/cibsecurity/15542...

CVSS 4.3 | AI score 4.6 | EPSS 0.01151
Exploits 0 | References 1

OSV
added 2020/10/22 10:15 p.m. | 19 views

CVE-2020-15270

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

CVSS 4.3 | AI score 6.7
Exploits 0 | References 3

NVD
added 2020/10/22 10:15 p.m. | 19 views

CVE-2020-15270

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

CVSS 4.3 | EPSS 0.01151
Exploits 0 | References 3

CVE
added 2020/10/22 9:25 p.m. | 63 views

CVE-2020-15270

Parse Server (parse-server) Vulnerability CVE-2020-15270: the Live Query mechanism allowed broadcasting subscription objects to clients with invalid/expired sessions because the session token validation was not enforced after the WebSocket connection was established. The issue is described in mul...

CVSS 4.3 | AI score 4.4 | EPSS 0.01151
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2020/10/22 9:25 p.m. | 21 views

CVE-2020-15270 Improper session expiration in Parse Server

Parse Server npm package parse-server broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not...

CVSS 4.3 | AI score 4.5 | EPSS 0.01151
Exploits 0 | References 3