3 matches found
Inefficient Algorithmic Complexity
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the GraphQL query complexity validation process. An attacker can cause the Node.js eve...
Information Exposure
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure via the verifyPassword endpoint. An attacker can obtain sensitive authentication data, such as MFA TOTP...
PT-2022-18147 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 9.7.0 Description: The default settings of CORS ORIGIN and CORS ENABLED in Directus are true, which could lead to unauthorized access in uncontrolled environments when the configuration hasn't been changed. This is...