17 matches found
EUVD-2020-0347
Malware in sbrugna...
EUVD-2020-0527
Malware in sbrugna...
CVE-2020-15126
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object...
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
BIT-PARSE-2020-5251 Information disclosure in parse-server
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
Malicious Package
Overview tolerant-php-parser-server is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...
Unspecified vulnerability in parser-server
parser-server is an API server module for Node/Express. A security vulnerability exists in parser-server version 3.5.0 through versions prior to 4.3.0, which can be exploited by attackers to bypass security restrictions...
CVE-2020-15126
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object...
CVE-2020-15126
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object...
Design/Logic Flaw
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object...
CVE-2020-15126
In parser-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can by pass all read security on his User object and can also by pass all objects linked via relation or Pointer on his User object...
CVE-2020-15126
CVE-2020-15126 affects parse-server versions 3.5.0 through prior to 4.3.0. An authenticated user executing the viewer GraphQL query can bypass read security on his User object and bypass access to all objects linked via relations or pointers on that User object. The issue is an authorization bypa...
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
CVE-2020-5251
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
Code injection
In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way...
CVE-2020-5251
CVE-2020-5251 affects parse-server prior to version 4.1.0. An insecure regex in NoSQL queries on the _sessionToken (and related token[$regex]) can disclose information by enumerating user objects, enabling an attacker to identify valid accounts. This is a information-disclosure flaw rather than r...
PT-2020-18345 · Parse · Parse Server
Name of the Vulnerable Software and Affected Versions: parser-server versions prior to 4.1.0 Description: The issue allows fetching all user objects by utilizing regex in the NoSQL query, specifically targeting the sessionToken. This can be achieved through the API endpoint "/parse/users/me" by...