CVE-2022-39225P4LOWCVSS 3.1fixed in 4.10.15·≥ 5.0.0, < 5.2.62022-09-23
CVE-2022-39225 [LOW] CWE-669 CVE-2022-39225: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 4.10.15, or 5.0.0 and above prior to 5.2.6, a user can write to the session object of another user if the session object ID is known. For example, an attacker can assign the session object to their own user by writing to the `use
nvd