MEDIUM 6.5
GHSA-236h-rqv8-8q73
GraphQL: Security breach on Viewer query
Details
### Impact
An authenticated user using the `viewer` GraphQL query can bypass all read security on their own User object, and can also bypass read security on all objects linked to that User object via a Relation or Pointer.

### Patches
This vulnerability has been patched in Parse Server 4.3.0.

### Workarounds
No

### References
See [commit 78239ac](https://github.com/parse-community/parse-server/commit/78239ac9071167fdf243c55ae4bc9a2c0b0d89aa) for details.
References
- https://github.com/parse-community/parse-server/security/advisories/GHSA-236h-rqv8-8q73 [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2020-15126 [ADVISORY]
- https://github.com/parse-community/parse-server/commit/78239ac9071167fdf243c55ae4bc9a2c0b0d89aa [WEB]
- https://github.com/parse-community/parse-server/blob/master/CHANGELOG.md#430 [WEB]