Identifier

CVE-2020-15126

Package Slug

npm/parse-server

Vulnerability

Incorrect Authorization

Description

In parse-server, an authenticated user using the viewer GraphQL query can bypass all read security on their own User object, and can also bypass read security on all objects linked via relation or Pointer on that User object.

Affected Versions

All versions starting from 3.5.0 and before 4.3.0

Solution

Upgrade to version 4.3.0 or above.

Last Modified

2020-07-30
