CVE-2024-39309
CRITICAL 9.8
Description
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
CVE details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 7/1/2024
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Weaknesses (CWE)
CWE-89, CWE-288
References
https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3 (security-advisories@github.com)
https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b (security-advisories@github.com)
https://github.com/parse-community/parse-server/pull/9167 (security-advisories@github.com)
https://github.com/parse-community/parse-server/pull/9168 (security-advisories@github.com)
https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r (security-advisories@github.com)
https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/parse-community/parse-server/pull/9167 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/parse-community/parse-server/pull/9168 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.