Parse Server Security Vulnerabilities

cve

CVE-2020-15126

In parse-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass read security on all objects linked via relation or Pointer on his User object.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2020-07-22 11:15 PM
40

CVE-2023-22474

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server will...

8.7 CVSS

7.8 AI Score

0.001 EPSS

2023-02-03 08:15 PM
47

CVE-2024-27298

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.

10 CVSS

9.7 AI Score

0.0004 EPSS

2024-03-01 06:15 PM
57