Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-27298

Published: 01/03/2024 Updated: 01/03/2024

Vulnerability Summary

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.

Vulnerability Trend

References

https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833https://github.com/parse-community/parse-server/releases/tag/6.5.0https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook