3 matches found
CVE-2026-30962
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.6 and 8.6.19, the validation for protected fields only checks top-level query keys. By wrapping a query constraint on a protected field inside a logical operator, the check...
CVE-2026-30962
Parse Server is vulnerable prior to versions 9.5.2-alpha.6 and 8.6.19 due to a flawed protection check that only validates top-level query keys for protected fields. By wrapping a query constraint on a protected field inside a logical operator, the check is bypassed, allowing any authenticated us...
PT-2026-24455
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.6 Parse Server versions prior to 8.6.19 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...