Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0. No known workarounds are available.
References
Configurations
No configuration.
History
21 Nov 2024, 09:27
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3 - | |
References | () https://github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b - | |
References | () https://github.com/parse-community/parse-server/pull/9167 - | |
References | () https://github.com/parse-community/parse-server/pull/9168 - | |
References | () https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r - |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jul 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 22:15
Updated : 2024-11-21 09:27
NVD link : CVE-2024-39309
Mitre link : CVE-2024-39309
CVE.ORG link : CVE-2024-39309
JSON object : View
Products Affected
No product.