AIKIDO-2026-10179

parse-server is vulnerable to Generation of Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information
Pre-CVE: Found by Aikido Intel before public disclosure or CVE publication.
Published Feb 16, 2026

Risk score: 21 (Low Risk)

This Affects:

parse-server (JS)
Affected versions: 6.0.0 - 9.1.1
Fixed in 9.2.0

TL;DR

Affected versions of this package improperly handle MongoDB timeout errors, resulting in uncaught exceptions that may crash the application and expose internal error details to clients. This behavior can lead to information disclosure and service instability due to unsanitized database connectivity failures. An attacker could intentionally trigger database connection exhaustion or force timeout conditions (e.g., sending excessive requests or manipulating inputs that increase query latency) to cause repeated crashes or retrieve internal system information from verbose error responses, enabling denial of service or reconnaissance of backend infrastructure.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.
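
One way to check a project against the range stated in this advisory, as an added example that is not code from the advisory or from the parse-server project. It reads the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3); the sample lockfile and the names `example-app`, `legacy-admin` and `parse-server-tools` are constructed for illustration.

```javascript
// Added example. Range bounds and fixed version are taken from the advisory text.
const AFFECTED_MIN = [6, 0, 0];
const AFFECTED_MAX = [9, 1, 1];
const FIXED = [9, 2, 0];

// Split "major.minor.patch[-prerelease][+build]" into a numeric core and a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Returns "affected", "not-affected" or "unknown". Prereleases of 6.0.0 and 9.2.0 sit on
// the range boundaries and the advisory does not address them, so they are left for review.
function classify(version) {
  const p = parseVersion(version);
  if (!p) return "unknown";
  if (p.pre && (cmp(p.core, AFFECTED_MIN) === 0 || cmp(p.core, FIXED) === 0)) return "unknown";
  const inRange = cmp(p.core, AFFECTED_MIN) >= 0 && cmp(p.core, AFFECTED_MAX) <= 0;
  return inRange ? "affected" : "not-affected";
}

// Walk the lockfile's "packages" map and report every installed copy of parse-server,
// including copies nested under other dependencies.
function scanLockfile(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/parse-server" || path.endsWith("/node_modules/parse-server")) {
      hits.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from the advisory).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/parse-server": { version: "9.2.0" },
    "node_modules/legacy-admin/node_modules/parse-server": { version: "7.3.0" },
    "node_modules/parse-server-tools": { version: "6.1.0" },
  },
};
console.log(scanLockfile(sampleLock));
```

A nested copy pulled in by another dependency is reported separately from the top-level install, so upgrading only the direct dependency can still leave an affected version in the tree.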

Background info

parse-server is vulnerable to Generation of Error Message Containing Sensitive Information in versions 6.0.0 - 9.1.1.

How to fix this

Upgrade the parse-server library to the patched version (9.2.0).