Home > Vulnerability Database > CVE-2024-29027

Mend.io Vulnerability Database

CVE-2024-29027

Good to know:

Date: March 19, 2024

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.

Language: JS

Severity Score

9.0

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29027

Url: https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b

Url: https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29

Url: https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e

Url: https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29

Url: https://github.com/parse-community/parse-server/releases/tag/6.5.5

Url: https://www.mend.io/vulnerability-database/CVE-2024-29027

Severity Score

9.0

Weakness Type (CWE)

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version parse-server - 6.5.5

Learn More

CVSS v3.1

Base Score:	9.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29027

Good to know:

Date: March 19, 2024

Language: JS

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?