Vulnerability Description
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parseplatform | Parse-Server | < 6.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e (Patch)
- https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8 (Patch)
- https://github.com/parse-community/parse-server/releases/tag/6.5.0 (Release Notes)
- https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (Release Notes)
- https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3v (Vendor Advisory)
FAQ
What is CVE-2024-27298?
CVE-2024-27298 is a vulnerability with a CVSS score of 10.0 (CRITICAL). parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 ...
How severe is CVE-2024-27298?
CVE-2024-27298 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-27298?
Check the references section above for vendor advisories and patch information. Affected products include: Parseplatform Parse-Server.