Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-et7n-g719-z3cc
Vulnerability ID VCID-et7n-g719-z3cc
Aliases CVE-2020-15270
GHSA-2xm2-xj2q-qgpj
Summary Operation on a Resource after Expiration or Release The Parse Server npm package broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. However, it is not possible to create subscription objects with invalid session tokens.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-672 Operation on a Resource after Expiration or Release
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-15270
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-15270
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-15270
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-15270
epss 0.00253 https://api.first.org/data/v1/epss?cve=CVE-2020-15270
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-2xm2-xj2q-qgpj
cvssv3.1 4.3 https://github.com/parse-community/parse-server
generic_textual MODERATE https://github.com/parse-community/parse-server
cvssv3.1 4.3 https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
generic_textual MODERATE https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
cvssv3.1 4.3 https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj
cvssv3.1_qr MODERATE https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj
generic_textual MODERATE https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15270
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2020-15270
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-15270
https://github.com/parse-community/parse-server
https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj
CVE-2020-15270 https://nvd.nist.gov/vuln/detail/CVE-2020-15270
GHSA-2xm2-xj2q-qgpj https://github.com/advisories/GHSA-2xm2-xj2q-qgpj
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/parse-community/parse-server
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/parse-community/parse-server/security/advisories/GHSA-2xm2-xj2q-qgpj
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15270
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.48829
EPSS Score 0.00253
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:20:33.430257+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/parse-server/CVE-2020-15270.yml 38.6.0