Lucene search

Veracode Vulnerability DatabaseVERACODE:47854

HistoryJul 02, 2024 - 6:53 a.m.

SQL Injection

2024-07-0206:53:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

parse-server

sql injection

postgresql

vulnerability

malicious queries

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

JSON

parse-server is vulnerable to SQL Injection. The vulnerability is due to improper handling of user-supplied input when configured with the PostgreSQL database, allowing malicious SQL queries to be executed.

CPENameOperatorVersion
parse-serverle6.5.6
parse-serverle7.1.0-beta.1
parse-serverle6.5.6
parse-serverle7.1.0-beta.1

Name	Operator	Version
parse-server	le	6.5.6
parse-server	le	7.1.0-beta.1
parse-server	le	6.5.6
parse-server	le	7.1.0-beta.1

References

github.com/parse-community/parse-server/commit/2edf1e4c0363af01e97a7fbc97694f851b7d1ff3

github.com/parse-community/parse-server/commit/f332d54577608c5ad927255e06d8c694e2e0ff5b

github.com/parse-community/parse-server/pull/9167

github.com/parse-community/parse-server/pull/9168

github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

JSON

Related for VERACODE:47854