Description
Original Message: Hi,
I create objects with one client with an ACL of all users with a specific column value. Thats working so far.
Then I deleted the session object from one user to look if he can receive subscription objects and he can receive them. The client with the deleted session cant create new objects, which Parse restricts right.
Recommendation
Update the parse-server package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.4.0
- Patched version(s): 4.4.0
References
Related Issues
- Incorrect version tags linked to external repository - Vulnerability
- Parse Server exposes the data schema via GraphQL API - CVE-2025-53364
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- jquery-validation vulnerable to Cross-site Scripting - CVE-2025-3573
- Tags:
- npm
- parse-server
Anything's wrong? Let us know Last updated on February 01, 2023