Lucene search

Veracode Vulnerability DatabaseVERACODE:45965

HistoryMar 21, 2024 - 10:27 a.m.

Improper Input Validation

2024-03-2110:27:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

parse-server

improper input validation

string sanitation

cloud function

cloud job names

server crash

internal object storage

arbitrary code

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

parse-server is vulnerable to Improper Input Validation. The vulnerability is due to insufficient string sanitation for Cloud Function or Cloud Job names, which allows an attacker to crash the server, manipulate internal object storage, or potentially execute arbitrary code.

CPENameOperatorVersion
parse-serverle7.0.0-alpha.28
parse-serverle6.5.4
parse-serverle7.0.0-alpha.28
parse-serverle6.5.4

Name	Operator	Version
parse-server	le	7.0.0-alpha.28
parse-server	le	6.5.4
parse-server	le	7.0.0-alpha.28
parse-server	le	6.5.4

References

github.com/advisories/GHSA-6hh7-46r2-vf29

github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b

github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e

github.com/parse-community/parse-server/releases/tag/6.5.5

github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29

github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for VERACODE:45965