AIKIDO-2024-10157

parse-server is vulnerable to SQL injection

98

Critical

parse-server

AIKIDO-2024-10157: parse-server is vulnerable to SQL injection in versions 2.2.14 - 6.5.6 and 7.0.0 - 7.0.0.

SQL injection
Vuln in 2.2.14 - 6.5.6
Fixed in 6.5.7
Vuln in 7.0.0 - 7.0.0
Fixed in 7.1.0
CVE-2024-39309
TL;DR

Affected versions of this package are vulnerable to SQL injection.

Who does this affect?

You're affected if you are using a vulnerable version of the package and parse-server is configured to use the PostgreSQL database.

How can it be fixed?

Upgrade parse-server to a patched version: 6.5.7 or 7.1.0.
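
A triage check for the two conditions above, as an added example that is not part of the original advisory or of parse-server's code: it tests an installed version against the advisory's ranges and checks whether the database connection URI points at PostgreSQL. The function names and sample URIs are hypothetical, and it assumes the database is selected by a URI scheme, so deployments that pass a database adapter object instead need a manual check.

```javascript
// Added example: triage for AIKIDO-2024-10157 / CVE-2024-39309.
// Version ranges come from the advisory; all function names are hypothetical.
const VULNERABLE_RANGES = [
  { from: [2, 2, 14], to: [6, 5, 6], fixedIn: '6.5.7' },
  { from: [7, 0, 0], to: [7, 0, 0], fixedIn: '7.1.0' },
];

// Parse "x.y.z" (optional leading "v"); pre-release/build suffixes are
// reported separately so they can be reviewed by hand.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)([-+].+)?$/.exec(String(raw).trim());
  if (!m) throw new Error(`unparseable version: ${raw}`);
  return { parts: m.slice(1, 4).map(Number), suffix: m[4] || null };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption: the database is selected through a connection URI whose
// scheme is postgres:// or postgresql://.
function usesPostgres(databaseURI) {
  return /^postgres(ql)?:\/\//i.test(String(databaseURI || ''));
}

function assess(installedVersion, databaseURI) {
  const { parts, suffix } = parseVersion(installedVersion);
  const range = VULNERABLE_RANGES.find(
    (r) => compare(parts, r.from) >= 0 && compare(parts, r.to) <= 0
  );
  const inRange = Boolean(range);
  const postgres = usesPostgres(databaseURI);
  return {
    affected: inRange && postgres,
    inRange,
    postgres,
    fixedIn: range ? range.fixedIn : null,
    needsManualReview: suffix !== null, // pre-release builds: check by hand
  };
}

// Constructed sample inputs (not taken from any real deployment).
console.log(assess('6.5.6', 'postgres://parse@db.example.internal/app'));
console.log(assess('7.0.0', 'mongodb://db.example.internal/app'));
console.log(assess('7.1.0', 'postgresql://parse@db.example.internal/app'));
```

A result with `inRange: true` and `postgres: false` still warrants the upgrade, since a later switch to PostgreSQL would make the deployment affected.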
