Lucene search

6935 matches found

Vulnrichment
added 2024/07/01 9:15 p.m. · 26 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVSS 9.8 · AI score 7.6 · EPSS 0.20171
Exploits 0 · References 5
OSV
added 2024/07/01 9:15 p.m. · 21 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVSS 9.8 · AI score 7.5 · EPSS 0.20171
Exploits 0 · References 7
CVE
added 2024/07/01 9:15 p.m. · 80 views

CVE-2024-39309

Parse Server (Node.js) prior to versions 6.5.7 and 7.1.0 is vulnerable to SQL injection when configured with PostgreSQL. The issue stems from how user input is handled in the PostgreSQL path, and the detection algorithm was improved in 6.5.7 and 7.1.0. Remediation is to upgrade to the fixed relea...

CVSS 9.8 · AI score 9.7 · EPSS 0.20171
Exploits 0 · References 5
Cvelist
added 2024/07/01 9:15 p.m. · 92 views

CVE-2024-39309 ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved...

CVSS 9.8 · EPSS 0.20171
Exploits 0 · References 5
OSV
added 2024/07/01 6:35 p.m. · 7 views

GHSA-C2HR-CQG6-8J6R ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact: This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches: The algorithm to detect SQL injection has been improved. Workarounds: None. References: - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

CVSS 9.8 · AI score 9.8 · EPSS 0.20171
Exploits 0 · References 7
vulnersOsv
added 2024/07/01 6:35 p.m. · 5 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +25 more potentially affected by CVE-2024-39309 via parse-server (>=2.0.8 <=6.5.11)

parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2024-39309 Source advisory: OSV:GHSA-C2HR-CQG6-8J6R...

CVSS 9.8 · AI score 7.2 · EPSS 0.20171
Exploits 0
Github Security Blog
added 2024/07/01 6:35 p.m. · 20 views

ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability

Impact: This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches: The algorithm to detect SQL injection has been improved. Workarounds: None. References: - https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r -...

CVSS 9.8 · AI score 7.8 · EPSS 0.20171
Exploits 0 · References 7 · Affected software 1
OSV
added 2024/07/01 1:15 p.m. · 1 view

CVE-2024-39853

adolphdudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution vulnerability via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 6.5 · AI score 6.1 · EPSS 0.00521
Exploits 1 · References 1
OSV
added 2024/07/01 1:15 p.m. · 3 views

CVE-2024-39000

adolphdudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution vulnerability via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...

CVSS 6.5 · AI score 6.1 · EPSS 0.00386
Exploits 0 · References 1
Snyk
added 2024/07/01 3:02 a.m. · 1 view

Arbitrary File Write via Archive Extraction (Zip Slip)

Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the parseFromZipFile function, which copies each file in the zip to a temporary directory without verifying the file path, so a file can be written to an arbitrary path. Details ...

CVSS 9.1 · AI score 7.9 · EPSS 0.02581
Exploits 2 · References 2
CNNVD
added 2024/07/01 12:00 a.m. · 2 views

Parse Server Security Vulnerability

Parse Server is an open source backend from Parse Platform Open Source that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 6.5.7 and 7.1.0, which stems from exposure to SQL injection attacks when configured to use a...

CVSS 9.8 · AI score 7.8 · EPSS 0.20171
Exploits 0 · References 6
CNNVD
added 2024/07/01 12:00 a.m. · 2 views

Swiper Security Vulnerabilities

Swiper is a free mobile touch slider by the independent developer Vladimir Kharlampidi. It is intended for use in mobile websites, mobile web applications and mobile native applications. A security vulnerability exists in Swiper version v0.0.2, which stems from a prototype pollution v...

CVSS 6.5 · AI score 7.7 · EPSS 0.00386
Exploits 0 · References 2
Positive Technologies
added 2024/07/01 12:00 a.m. · 2 views

PT-2024-28701 · Unknown · Ratio-Swiper

Name of the Vulnerable Software and Affected Versions: ratio-swiper version 0.0.2. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties via the parse function, which is vulnerable to prototype pollution. Recommendation...

CVSS 6.5 · AI score 7.3 · EPSS 0.00521
Exploits 1 · References 4
Positive Technologies
added 2024/07/01 12:00 a.m. · 1 view

PT-2024-28316 · Adolph Dudu · Ratio-Swiper

Name of the Vulnerable Software and Affected Versions: adolph dudu ratio-swiper version 0.0.2. Description: The issue allows attackers to execute arbitrary code or cause a Denial of Service (DoS) by injecting arbitrary properties through a prototype pollution vulnerability in the parse function...

CVSS 6.5 · AI score 7.6 · EPSS 0.00386
Exploits 0 · References 5
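The ratio-swiper entries above (CVE-2024-39853, CVE-2024-39000 and the two Positive Technologies records) all describe the same class: a parse function that copies attacker-controlled properties into an object and thereby reaches Object.prototype. As an added example, not ratio-swiper's code (the page does not show it), a recursive option parser written in the vulnerable style beside a hardened version; the JSON payload is constructed for the demonstration.

```javascript
// Added example: prototype pollution through a recursive "parse and merge"
// routine, and a hardened variant. Not code from ratio-swiper; payload constructed.

// Vulnerable: merges every enumerable key of the source. A "__proto__" key
// resolves target["__proto__"] to Object.prototype, so the recursion writes
// the injected property onto every object in the process.
function parseOptionsUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      parseOptionsUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that lead out of the target object and into the prototype chain.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: skips the blocked keys, iterates own keys only, and recurses only
// into own-property containers, creating null-prototype objects otherwise.
function parseOptionsSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = Object.create(null);
      }
      parseOptionsSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input: JSON.parse creates an own property literally
// named "__proto__" (it does not set the prototype), which for...in enumerates.
const PAYLOAD = '{"loop": true, "__proto__": {"polluted": true}}';

// Run both parsers and report what each did to Object.prototype.
// The unsafe run's pollution is deleted again so the process is left clean.
function demonstrate() {
  const report = {};
  report.cleanBefore = ({}).polluted === undefined;
  parseOptionsUnsafe({}, JSON.parse(PAYLOAD));
  report.pollutedByUnsafe = ({}).polluted === true;
  delete Object.prototype.polluted;

  const safeTarget = parseOptionsSafe({}, JSON.parse(PAYLOAD));
  report.pollutedBySafe = ({}).polluted !== undefined;
  report.safeKeptLoop = safeTarget.loop === true;
  report.safeDroppedProto = !Object.prototype.hasOwnProperty.call(safeTarget, '__proto__');
  return report;
}

console.log(demonstrate());
```

The blocklist is the cheap fix; the structural one is to parse untrusted options into `Object.create(null)` containers (as the hardened version does for nested objects) or to validate against a schema of expected keys, so that the parser never looks up an attacker-chosen name on an object that has a prototype.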
Positive Technologies
added 2024/07/01 12:00 a.m. · 2 views

PT-2024-28434 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 6.5.7; Parse Server versions prior to 7.1.0. Description: A vulnerability in Parse Server allows SQL injection when configured to use the PostgreSQL database. This issue enables remote attackers to bypass...

CVSS 9.8 · AI score 8.3 · EPSS 0.20171
Exploits 0 · References 12
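Every Parse Server record on this page gives the same remediation: upgrade, since the advisory lists no workaround. The one detail that trips up a naive check is that two fixed releases are named, 6.5.7 and 7.1.0, so a plain "less than 7.1.0" test would flag the patched 6.5.x releases. As an added example (not Parse Server's or Vulners' code), a version check that reads the two fixed releases as the patched releases of the 6.x and 7.x lines respectively; that reading is an assumption, and the vulnersOsv entry above lists parse-server up to 6.5.11 as affected, so confirm the range against the upstream advisory before relying on it.

```javascript
// Added example: is an installed parse-server version inside the range this
// page describes (prior to 6.5.7 on the 6.x line, prior to 7.1.0 on the 7.x line)?
// Assumption: 6.5.7 and 7.1.0 are the patched releases of their major lines.

const FIXED_BY_MAJOR = { 6: '6.5.7', 7: '7.1.0' };

// Minimal semver parser: major.minor.patch with an optional pre-release tag.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver string: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

function compareSemver(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  // A pre-release sorts before its release: 7.1.0-alpha.1 < 7.1.0.
  if (a.prerelease && !b.prerelease) return -1;
  if (!a.prerelease && b.prerelease) return 1;
  return 0;
}

// Majors older than every fixed line never received the fix; majors newer
// than every fixed line start after it. In between, compare to that line's fix.
function isAffected(versionString) {
  const v = parseSemver(versionString);
  const majors = Object.keys(FIXED_BY_MAJOR).map(Number);
  if (v.major < Math.min(...majors)) return true;
  if (v.major > Math.max(...majors)) return false;
  const fixed = FIXED_BY_MAJOR[v.major];
  if (fixed === undefined) return true; // no fix listed for this line
  return compareSemver(v, parseSemver(fixed)) < 0;
}

// Audit a list of versions (e.g. collected from lockfiles) and return findings.
function audit(versions) {
  return versions.map((version) => ({ version, affected: isAffected(version) }));
}

// Constructed sample inventory for the demonstration.
const SAMPLE_VERSIONS = ['5.6.0', '6.5.6', '6.5.7', '6.5.11', '7.0.2', '7.1.0-alpha.1', '7.1.0', '8.0.0'];
console.log(audit(SAMPLE_VERSIONS));
```

Running this on the sample inventory flags 5.6.0, 6.5.6, 7.0.2 and 7.1.0-alpha.1 and clears 6.5.7, 6.5.11, 7.1.0 and 8.0.0; the two cleared 6.5.x entries are exactly the ones a single upper bound of 7.1.0 would have misreported.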
OSV
added 2024/06/27 11:15 p.m. · 2 views

DEBIAN-CVE-2016-20022

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

CVSS 8.4 · AI score 6.9 · EPSS 0.00238
Exploits 0 · References 1
OSV
added 2024/06/27 8:15 p.m. · 4 views

AZL-43591 CVE-2024-39133 affecting package zziplib 0.13.72-3

Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory function at /zzip/zip.c...

CVSS 4.3 · AI score 6.1 · EPSS 0.00503
Exploits 1 · References 1
OSV
added 2024/06/27 8:15 p.m. · 1 view

DEBIAN-CVE-2024-39133

Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory function at /zzip/zip.c...

CVSS 4.3 · AI score 5.6 · EPSS 0.00503
Exploits 1 · References 1
OSV
added 2024/06/27 8:15 p.m. · 0 views

UBUNTU-CVE-2024-39133

Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory function at /zzip/zip.c...

CVSS 4.3 · AI score 5.8 · EPSS 0.00503
Exploits 1 · References 3
CNNVD
added 2024/06/27 12:00 a.m. · 3 views

ZZIPlib security vulnerability

ZZIPlib is a library for reading compressed archives. A security vulnerability exists in ZZIPlib version v0.13.77, which stems from a heap buffer overflow in the __zzip_parse_root_directory function of the /zzip/zip.c file...

CVSS 4.3 · AI score 6.8 · EPSS 0.00503
Exploits 1 · References 3