Critical severity · NVD Advisory · Published Mar 1, 2024 · Updated Aug 22, 2024
Parse Server literalizeRegexPart SQL Injection
CVE-2024-27298
Description
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| parse-server (npm) | < 6.5.0 | 6.5.0 |
| parse-server (npm) | >= 7.0.0-alpha.1, < 7.0.0-alpha.20 | 7.0.0-alpha.20 |
Affected products
- osv-coords, 2 versions: < 6.5.0 (+ 1 more)
- (no CPE), range: < 6.5.0
- (no CPE), range: < 6.5.0
- Range: < 6.5.0
References
- github.com/advisories/GHSA-6927-3vr9-fxf2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-27298 (ghsa, ADVISORY)
- github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504 (ghsa, x_refsource_MISC, WEB)
- github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833 (ghsa, x_refsource_MISC, WEB)
- github.com/parse-community/parse-server/releases/tag/6.5.0 (ghsa, x_refsource_MISC, WEB)
- github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (ghsa, x_refsource_MISC, WEB)
- github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 (ghsa, x_refsource_CONFIRM, WEB)