{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T13:20:48.704","vulnerabilities":[{"cve":{"id":"CVE-2020-15270","sourceIdentifier":"security-advisories@github.com","published":"2020-10-22T22:15:12.063","lastModified":"2024-11-21T05:05:14.230","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched."},{"lang":"es","value":"El servidor de análisis (npm package parse-server) transmite eventos a todos los clientes sin comprobar si el testigo de sesión es válido. Esto permite a los clientes con sesiones caducadas seguir recibiendo objetos de suscripción. No es posible crear objetos de suscripción con testigos de sesión inválidos. El problema no está parcheado"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-672"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-672"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parseplatform:parse-server:*:*:*:*:*:node.js:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"A72BDBDC-5721-470F-8C38-51FEB236B3D4"}]}]}],"references":[{"url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://npmjs.com/parse-server","source":"security-advisories@github.com","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://npmjs.com/parse-server","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]}]}}]}