CVE-2024-27298 | parse-server up to 6.4.x/7.0.0-alpha.19 on Node.js PostgreSQL sql injection (GHSA-6927-3vr9-fxf2)

Posted by Angelo Barbosa | Mar 1, 2024 | CVE

A vulnerability classified as critical was found in parse-server up to 6.4.x/7.0.0-alpha.19 on Node.js. Affected by this vulnerability is an unknown functionality of the component PostgreSQL Handler. The manipulation leads to sql injection.

This vulnerability is known as CVE-2024-27298. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-27298 | parse-server up to 6.4.x/7.0.0-alpha.19 on Node.js PostgreSQL sql injection (GHSA-6927-3vr9-fxf2)

Related Posts

CVE-2024-25632 | eLabFTW up to 5.0.x saml_team_create privileges assignment (GHSA-6m7p-gh9f-5mgg)

CVE-2024-3561 | Custom Field Suite Plugin up to 2.6.7 on WordPress Term Custom Field sql injection

CVE-2024-52023 | Netgear XR300/R6400/R7000P HTTP POST Request pppoe2.cgi pppoe_localip stack-based overflow

CVE-2024-24860 | Linux Kernel up to 6.8-rc2 Bluetooth Device min_key_size_set/max_key_size_set race condition