5 matches found
CVE-2026-33498
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...
CVE-2026-33498
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP request with a deeply nested query containing logical operators to permanently hang the Parse Server...
PT-2026-26782
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.55 Parse Server versions prior to 9.6.0-alpha.44 Description An unauthenticated attacker can send a crafted HTTP request with a deeply nested query containing logical operators, causing the Parse Server proce...
CVE-2026-32944 Parse Server crash via deeply nested query condition operators
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...
GHSA-9XP9-J92R-P88V Parse Server crash via deeply nested query condition operators
Impact An unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the server and denies service to all connected clients. Patches A depth limit for query condition operator nesting has been added via the...