Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.10 views

CVE-2026-33163

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.35 and 8.6.50, when a Parse.Cloud.afterLiveQueryEvent trigger is registered for a class, the LiveQuery server leaks protected fields and authData to all subscribers of that...

8.2CVSS5.8AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 11:37 a.m.5 views

BIT-PARSE-2026-33163 Parse Server leaks protected fields via LiveQuery afterEvent trigger

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0 and 8.6.50, when a Parse.Cloud.afterLiveQueryEvent trigger is registered for a class, the LiveQuery server leaks protected fields and authData to all subscribers of that class...

8.2CVSS5.8AI score0.00421EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/18 7:49 p.m.3 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the afterLiveQueryEvent trigger. An attacker can access sensitive protected fields and authenticati...

8.2CVSS5.8AI score0.00421EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/18 7:49 p.m.7 views

Parse Server leaks protected fields via LiveQuery afterEvent trigger

Impact When a Parse.Cloud.afterLiveQueryEvent trigger is registered for a class, the LiveQuery server leaks protected fields and authData to all subscribers of that class. Fields configured as protected via Class-Level Permissions protectedFields are included in LiveQuery event payloads for all...

8.2CVSS5.8AI score0.00421EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/18 7:49 p.m.5 views

GHSA-5HMJ-JCGP-6HFF Parse Server leaks protected fields via LiveQuery afterEvent trigger

Impact When a Parse.Cloud.afterLiveQueryEvent trigger is registered for a class, the LiveQuery server leaks protected fields and authData to all subscribers of that class. Fields configured as protected via Class-Level Permissions protectedFields are included in LiveQuery event payloads for all...

8.2CVSS5.8AI score0.00421EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/06/30 12:0 a.m.4 views

PT-2022-20537 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server affected versions not specified Description: The issue concerns Parse Server LiveQuery, which in affected versions does not remove protected fields in classes, passing them to the client. This has been addressed by the...

8.2CVSS8AI score0.01211EPSS
Exploits0References15
Rows per page
Query Builder