CVE-2020-15126

CVE-2020-15126 affects parse-server versions 3.5.0 through prior to 4.3.0. An authenticated user executing the viewer GraphQL query can bypass read security on his User object and bypass access to all objects linked via relations or pointers on that User object. The issue is an authorization bypa...