parse-server is vulnerable to information disclosure. A remote unauthenticated attacker is able to gain access to sensitive user information because the library does not remove protected fields in classes and passes them to the client.
github.com/parse-community/parse-server/commit/054f3e6ab01d66a0dcfb77725af28eac1485b375
github.com/parse-community/parse-server/commit/309f64ced8700321df056fb3cc97f15007a00df1
github.com/parse-community/parse-server/commit/9fd4516cde5c742f9f29dd05468b4a43a85639a6
github.com/parse-community/parse-server/issues/8073
github.com/parse-community/parse-server/pull/8073
github.com/parse-community/parse-server/pull/8074
github.com/parse-community/parse-server/releases/tag/5.2.4
github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh