CVE-2019-1020012
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020013 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020013 Source advisory: OSV:GHSA-8W3J-G983-8JH5...
GHSA-8W3J-G983-8JH5 Sensitive Data Exposure in parse-server
Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. `ParseError.ACCOUNT_ALREADY_LINKED(208)` was thrown BEFORE the AuthController checks the password and throws a `ParseError.SESSION_MISSING(206)` for Insufficient auth. An attacker can guess ids and get...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020012 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020012 Source advisory: OSV:GHSA-2479-QVV7-47QQ...
GHSA-2479-QVV7-47QQ Parse Server before v3.4.1 vulnerable to Denial of Service
Impact: If a POST request is made to /parse/classes/Audience or other volatile class, any subsequent POST requests result in an internal server error 500. Patches: Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1. Workarounds: Yes,...
Information Disclosure
parse-server is vulnerable to information disclosure. A malicious user can view personally identifiable information when querying the database without authorization...