CVE-2020-15270: Operation on a Resource after Expiration or Release
The Parse Server npm package broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. However, it is not possible to create subscription objects with invalid session tokens.
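A minimal model of this flaw class, added here as an illustration and not taken from Parse Server's code: the session token is checked when a subscription is created but not when events are delivered. `SessionStore`, `EventHub`, `demo` and the sample tokens and timestamps are hypothetical names and constructed values.

```javascript
// Illustrative model only; not Parse Server source. All names are hypothetical.
class SessionStore {
  constructor() { this.expiry = new Map(); } // token -> expiry time (ms)
  add(token, expiresAt) { this.expiry.set(token, expiresAt); }
  isValid(token, now) {
    const exp = this.expiry.get(token);
    return exp !== undefined && now < exp; // unknown or expired => invalid
  }
}

class EventHub {
  constructor(store, recheckOnBroadcast) {
    this.store = store;
    this.recheckOnBroadcast = recheckOnBroadcast;
    this.subscriptions = []; // { token, inbox }
  }
  // Both variants reject subscription creation with an invalid token.
  subscribe(token, now) {
    if (!this.store.isValid(token, now)) throw new Error('invalid session token');
    const sub = { token, inbox: [] };
    this.subscriptions.push(sub);
    return sub;
  }
  broadcast(event, now) {
    if (!this.recheckOnBroadcast) {
      // Weak: trusts the check made at subscribe time and delivers to everyone.
      for (const sub of this.subscriptions) sub.inbox.push(event);
      return;
    }
    // Hardened: re-validate per event and drop subscriptions whose session lapsed.
    this.subscriptions = this.subscriptions.filter((sub) => {
      if (!this.store.isValid(sub.token, now)) return false;
      sub.inbox.push(event);
      return true;
    });
  }
}

function demo(recheckOnBroadcast) {
  const store = new SessionStore();
  store.add('tok-short', 1000); // constructed sample: expires at t=1000
  store.add('tok-long', 5000);  // constructed sample: expires at t=5000
  const hub = new EventHub(store, recheckOnBroadcast);
  const short = hub.subscribe('tok-short', 0);
  const long = hub.subscribe('tok-long', 0);
  hub.broadcast('update-1', 500);  // both sessions still valid
  hub.broadcast('update-2', 2000); // tok-short has expired by now
  let lateSubscribeRejected = false;
  try { hub.subscribe('tok-short', 2000); } catch { lateSubscribeRejected = true; }
  return { short: short.inbox, long: long.inbox, lateSubscribeRejected };
}
```

`demo(false)` models the behaviour described above, where the expired session still receives `update-2`; `demo(true)` stops delivery once the session lapses.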