9 matches found
CVE-2026-33527
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...
CVE-2026-33527
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...
CVE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization via session fields such as expiresAt and createdWith. An authenticated user can modify...
Parse Server 安全漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that supports Node.js. There were security vulnerabilities in versions of Parse Server prior to 8.6.57 and 9.6.0-alpha.48. These vulnerabilities stemmed from the fact that authenticate...
PT-2026-27482
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.57 Parse Server versions prior to 9.6.0-alpha.48 Description An authenticated user can modify server-generated session fields, such as expiresAt and createdWith, when updating their own session through the RE...
CVE-2026-32742
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...
CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...
PT-2026-25982
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/...