Main Vulnerability Database SB2020110218

SB2020110218 - Information disclosure in Parse SDK js

Published: November 2, 2020 Updated: January 31, 2023

Security Bulletin ID SB2020110218

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Operation on a Resource after Expiration or Release (CVE-ID: CVE-2020-15270)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to incorrect session management mechanism that does not properly implement session expiration. A remote attacker with invalidated session token can still receive broadcast events.

Remediation

Install update from vendor's website.

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj