1612 matches found
GHSA-C2HR-CQG6-8J6R ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...
Parse Server Security Vulnerability
Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 6.5.7 and 7.1.0 that stems from vulnerability to SQL injection attacks when configured to use a...
PT-2024-28434 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.7 Parse Server versions prior to 7.1.0 Description: A vulnerability in Parse Server allows SQL injection when configured to use the PostgreSQL database. This issue enables remote attackers to bypass...
kernel: cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
kernel: cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
SUSE CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
DEBIAN-CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
UBUNTU-CVE-2024-26828
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
CVE-2024-26828 cifs: fix underflow in parse_server_interfaces()
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a parseserverinterfaces buffer underflow...
BIT-PARSE-2024-27298 Parse Server literalizeRegexPart SQL Injection
parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0...
Improper Input Validation
parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitation for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code...
BIT-PARSE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remo...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-29027 via parse-server (>=2.0.8 <=6.5.11)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-29027 Source advisory: OSV:GHSA-6HH7-46R2-VF29...
Server crashes on invalid Cloud Function or Cloud Job name
Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...
GHSA-6HH7-46R2-VF29 Server crashes on invalid Cloud Function or Cloud Job name
Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. Patches Added string sanitation for Cloud Function name and Cloud Job name. Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server...
CVE-2024-29027
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...
CVE-2024-29027
Parse Server vulnerability CVE-2024-29027 affects versions prior to 6.5.5 and 7.0.0-alpha.29, where calling an invalid Cloud Function name or Cloud Job name can crash the server and may allow code injection, internal store manipulation, or remote code execution. The fix was implemented in 6.5.5 a...
CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...
CVE-2024-29027 Parse Server crash and RCE via invalid Cloud Function or Cloud Job name
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulatio...