GHSA-6R2J-CXGF-495F Parse Server vulnerable to session token exfiltration via `redirectClassNameForKey` query parameter
Impact A vulnerability in Parse Server's query handling allows an authenticated or unauthenticated attacker to exfiltrate session tokens of other users by exploiting the redirectClassNameForKey query parameter. Exfiltrated session tokens can be used to take over user accounts. The vulnerability...