Monthly
Parse Server's OAuth2 authentication adapter fails to properly validate app IDs when appidField and appIds are configured, allowing attackers to bypass authentication restrictions or cause login failures depending on the introspection endpoint's response handling. Deployments using this specific OAuth2 configuration are vulnerable to authentication bypass if the endpoint accepts malformed requests. A patch is available in versions 9.6.0-alpha.13 and 8.6.39.
Flask is a web server gateway interface (WSGI) web application framework. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.
Parse Server's OAuth2 authentication adapter fails to properly validate app IDs when appidField and appIds are configured, allowing attackers to bypass authentication restrictions or cause login failures depending on the introspection endpoint's response handling. Deployments using this specific OAuth2 configuration are vulnerable to authentication bypass if the endpoint accepts malformed requests. A patch is available in versions 9.6.0-alpha.13 and 8.6.39.
Flask is a web server gateway interface (WSGI) web application framework. Rated low severity (CVSS 1.8), this vulnerability is low attack complexity. No vendor patch available.