Nikoladzekic

**Name of the Vulnerable Software and Affected Versions** Parse Server versions prior to 8.6.55 Parse Server versions prior to 9.6.0-alpha.44 **Description** An unauthenticated attacker can send a crafted HTTP request with a deeply nested query containing logical operators, causing the Parse Server process to hang permanently. The server becomes unresponsive and requires manual restart. This is a bypass of a previous fix. The request exploits a flaw in how the server handles complex queries, leading to a denial-of-service condition. **Recommendations** Update to Parse Server version 8.6.55 or later. Update to Parse Server version 9.6.0-alpha.44 or later.