Parse Server before v3.4.1 vulnerable to Denial of Service

Impact If a POST request is made to /parse/classes/Audience or other volatile class, any subsuquent POST requests result in an internal server error 500. Patches Afflicted installations will also have to remove the offending collection from their database. Yes, patched in 3.4.1 Workarounds Yes,...

Information Disclosure

parse-server is vulnerable to information disclosures. A malicious user can view personal identifiable information when querying the database without authorization...