Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/29 7:18 p.m.12 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the Did you mean ...? suggestions in GraphQL validation-error messages. An attacker can enumerate...

6.9CVSS5.8AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 6:37 p.m.7 views

Improper Validation of Syntactic Correctness of Input

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the LiveQuery subscription when an invalid regular expression patte...

8.2CVSS5.8AI score0.0055EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:4 p.m.3 views

Missing Authentication for Critical Function

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the createSubscriptions process. An attacker can execute unauthorized GraphQ...

7.3CVSS5.8AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 10:40 p.m.1 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the LiveQuery subscription process. An attacker can infer the values of protected fields by crafting...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/06 6:46 p.m.1 views

Incorrect Authorization

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization via the /loginAs endpoint when using the readOnlyMasterKey credential. An attacker can impersonate...

8.5CVSS5.9AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder