Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.6 views

CVE-2021-41109

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.4, for regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscriptio...

7.5CVSS6.7AI score0.01206EPSS
Exploits0
Circl
Circl
added 2021/09/30 6:13 p.m.8 views

CVE-2021-41109

creationtimestamp| type| source ---|---|--- 2021-09-30 18:13:23+00:00| seen| https://t.me/cibsecurity/29722...

7.5CVSS7.3AI score0.01206EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/09/30 5:9 p.m.6 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2021-41109 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2021-41109 Source advisory: OSV:GHSA-7PR3-P5FM-8R9X...

7.5CVSS7.1AI score0.01206EPSS
Exploits0
CVE
CVE
added 2021/09/30 3:10 p.m.73 views

CVE-2021-41109

CVE-2021-41109 refers to a vulnerability in Parse Server where, before version 4.10.4, LiveQuery payloads leaked session tokens for users with a LiveQuery subscription on the Parse.User class. The root cause is that LiveQuery payloads included session tokens while regular queries did not. The adv...

7.5CVSS7.5AI score0.01206EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder