Parse Server's custom object ID allows to acquire role privileges

Impact If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. Patches Improved validation for custom user object IDs...

PT-2024-32465 · Unknown · Parse Server

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.9 Parse Server versions prior to 7.3.0 Description: The issue arises when the Parse Server option allowCustomObjectId: true is set, allowing an attacker to create a new user with a custom object ID that...