CVE-2019-1020012

Name of the Vulnerable Software and Affected Versions: parse-server versions prior to 3.4.1

Description: The issue allows for a denial of service (DoS) after any POST request to a volatile class. If a POST request is made to a volatile class, such as "/parse/classes/ Audience", any subsequent POST requests will result in an internal server error (500).

Recommendations: For versions prior to 3.4.1, update to version 3.4.1 or later. Additionally, remove the offending collection from the database to fully resolve the issue. As a temporary workaround, consider applying the patch available at https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5.