3 matches found
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in the redirectClassNameForKey query parameter handling. An unauthenticated attacker can gain...
Incorrect Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Incorrect Authorization in LiveQuery. An attacker can gain unauthorized access to sensitive data by subscribing to real-time...
Server-side Request Forgery (SSRF)
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the apiURL parameter in authData used by the Instagram OAuth adapter. An attacker can...