Antoine Cormouls

2 exploits Active since Jul 2020
CVE-2020-15126 MEDIUM WRITEUP
Parse-Server <4.3.0 - Privilege Escalation
In parse-server from version 3.5.0 and before 4.3.0, an authenticated user using the viewer GraphQL query can bypass all read security on his User object and can also bypass all objects linked via relation or Pointer on his User object.
CVSS 6.5
CVE-2025-62374 MEDIUM WRITEUP
Parse < 7.0.0 - Prototype Pollution via ParseObject.fromJSON
Parse JavaScript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of a malicious payload allows an attacker to remotely execute arbitrary code. ParseObject.fromJSON, ParseObject.pin, ParseObject.registerSubclass, ObjectStateMutations (internal), and encode/decode (internal) are affected. This vulnerability is fixed in 7.0.0.
CVSS 6.4