4 matches found
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
CVE-2020-5251
CVE-2020-5251 affects parse-server prior to version 4.1.0. An insecure regex in NoSQL queries on the _sessionToken (and related token[$regex]) can disclose information by enumerating user objects, enabling an attacker to identify valid accounts. This is a information-disclosure flaw rather than r...
CVE-2020-5251 Information disclosure in parse-server
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...