1600 matches found
parse-server denial of service vulnerability
parse-server is an open source Backend-as-a-Service BaaS framework that is primarily used for application backend processing. A security vulnerability exists in parse-server versions prior to 3.4.1. An attacker can exploit this vulnerability to cause a denial of service...
Information Disclosure
parse-server is vulnerable to information disclosure. A remote attacker is able to enumerate existing accounts by analyzing the error messages from server responses...
Denial Of Service (DoS)
parse-server is vulnerable to denial of service DoS. The attack exists when a post request is made against a volatile class such as /parse/classes/Audience, returning 500 an internal server error for subsequent POST requests...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...
CVE-2019-1020012
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
CVE-2019-1020012
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
Design/Logic Flaw
parse-server before 3.6.0 allows account enumeration...
Design/Logic Flaw
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
CVE-2019-1020013
parse-server before 3.6.0 allows account enumeration...
CVE-2019-1020013
CVE-2019-1020013 affects parse-server prior to 3.6.0, allowing unauthenticated users to enumerate existing accounts via error messages. The root cause is information disclosure during authentication/account linking flow, where specific errors reveal account existence (ParseError.ACCOUNT_ALREADY_L...
CVE-2019-1020012
parse-server before 3.4.1 allows DoS after any POST to a volatile class...
CVE-2019-1020012
CVE-2019-1020012 affects parse-server prior to 3.4.1 and enables a Denial of Service after POSTing to a volatile class (e.g., /parse/classes/_Audience). Several sources confirm the vulnerability and patch: the public advisory notes that subsequent POST requests can yield a 500 Internal Server Err...
Sensitive Data Exposure in parse-server
Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. ParseError.ACCOUNTALREADYLINKED208 was thrown BEFORE the AuthController checks the password and throws a ParseError.SESSIONMISSING206 for Insufficient auth. An attacker can guess ids and get...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020013 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020013 Source advisory: OSV:GHSA-8W3J-G983-8JH5...
GHSA-8W3J-G983-8JH5 Sensitive Data Exposure in parse-server
Versions of parse-server prior to 3.6.0 could allow an account enumeration attack via account linking. ParseError.ACCOUNTALREADYLINKED208 was thrown BEFORE the AuthController checks the password and throws a ParseError.SESSIONMISSING206 for Insufficient auth. An attacker can guess ids and get...
GHSA-2479-QVV7-47QQ Parse Server before v3.4.1 vulnerable to Denial of Service
Impact If a POST request is made to /parse/classes/Audience or other volatile class, any subsuquent POST requests result in an internal server error 500. Patches Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1 Workarounds Yes,...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2019-1020012 via parse-server (>=2.0.8 <=3.10.0)
parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2019-1020012 Source advisory: OSV:GHSA-2479-QVV7-47QQ...
Parse Server before v3.4.1 vulnerable to Denial of Service
Impact If a POST request is made to /parse/classes/Audience or other volatile class, any subsuquent POST requests result in an internal server error 500. Patches Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1 Workarounds Yes,...
Information Disclosure
parse-server is vulnerable to information disclosures. A malicious user can view personal identifiable information when querying the database without authorization...