Parse Server 安全漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.64 and 9.7.0-alpha.8. These vulnerabilities allowed attackers to send concurrent login...

GHSA-W73W-G5XW-RWHF Parse Server has an MFA single-use token bypass via concurrent authData login requests

Impact An attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery cod...