CVE-2024-29027

Summary

CVE-2024-29027 is a vulnerability affecting Parse Server, an open-source backend used in Node.js infrastructures. Before versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Cloud Function or Cloud Job name resulted in a server crash, potentially enabling code injection, internal store manipulation, or remote code execution. This issue stems from insufficient string sanitation for these names. The current patches, in versions 6.5.5 and 7.0.0-alpha.29, include string sanitation for Cloud Function and Cloud Job names as a mitigation measure. A recommended workaround is to sanitize these names prior to reaching Parse Server.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.