High
Node.js parse-server module could allow a remote attacker to obtain sensitive information, caused by the storing of domain password in plain text in the authData section of returned contract. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain domain password information, and use this information to launch further attacks against the affected system.
Information disclosure
NodeJS
Node.js parse-server 4.4.0
Upgrade to the latest version of parse-server (4.5.0 or later).