In parse server versions prior to 4.10.7 there is a remote code execution vulnerability in parse server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code.
