Description
Original Message: Hi,
I create objects with one client with an ACL of all users with a specific column value. Thats working so far.
Then I deleted the session object from one user to look if he can receive subscription objects and he can receive them. The client with the deleted session cant create new objects, which Parse restricts right.
Recommendation
Update the parse-server package to the latest compatible version. Followings are version details:
- Affected version(s): < 4.4.0
- Patched version(s): 4.4.0
References
Related Issues
- Incorrect version tags linked to external repository - Vulnerability
- Prototype Pollution in lodash (GHSA-jf85-cpcp-j695) - CVE-2019-10744
- Parse Server before v3.4.1 vulnerable to Denial of Service - CVE-2019-1020012
- Prototype Pollution in lodash (GHSA-4xc9-xhrj-v574) - CVE-2018-16487
- Tags:
- npm
- parse-server
Anything's wrong? Let us know Last updated on February 01, 2023