BIT-PARSE-2026-32234 Parse Server has a SQL injection via query field name when using PostgreSQL
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL a...