CVE-2024-29027: Server crashes on invalid Cloud Function or Cloud Job name
Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection.
References
- github.com/advisories/GHSA-6hh7-46r2-vf29
- github.com/parse-community/parse-server
- github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b
- github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e
- github.com/parse-community/parse-server/releases/tag/6.5.5
- github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29
- github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29
- nvd.nist.gov/vuln/detail/CVE-2024-29027
Detect and mitigate CVE-2024-29027 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →