CVE-2024-27298
published 2024-03-01

Priority: P263
Severity: critical, 10 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS: 1.03% (59.4th percentile)

parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.

Affected

7 ranges
Vendor           Product        Version range                        Fixed in
parse-community  parse-server   < 6.5.0                              6.5.0
parse-community  parse-server
parse-community  parse-server   >= 0 < 6.5.0                         6.5.0
parse-community  parse-server   >= 7.0.0-alpha.1 < 7.0.0-alpha.20    7.0.0-alpha.20
parseplatform    parse-server   < 6.5.0                              6.5.0
parseplatform    parse-server
parseplatform    parse-server