9
CVE-2024-29027
- EPSS 1.9%
- Veröffentlicht 19.03.2024 19:15:06
- Zuletzt bearbeitet 17.12.2025 21:33:11
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Parseplatform ≫ Parse-server SwPlatformnode.js Version < 6.5.5
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha1 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha10 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha11 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha12 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha13 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha14 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha15 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha16 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha17 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha18 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha19 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha2 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha20 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha21 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha22 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha23 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha24 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha25 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha26 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha27 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha28 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha3 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha4 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha5 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha6 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha7 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha8 SwPlatformnode.js
Parseplatform ≫ Parse-server Version7.0.0 Updatealpha9 SwPlatformnode.js
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.9% | 0.827 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 9 | 2.2 | 6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.