Intel/AIKIDO-2024-10048
parse-server
AIKIDO-2024-10048
parse-server is vulnerable to Improper Input Validation
Improper Input ValidationCVE-2024-29027 Published Apr 24, 2024
85
High Risk
This Affects:
parse-server3.0.0 - 6.5.4
Fixed in 6.5.5Are you affected? Scan for Free
TL;DR
Versions of this package impacted by this issue are vulnerable due to inadequate input validation for Cloud Function and Cloud Job names. Exploiting this flaw allows an attacker to trigger a Denial of Service or execute arbitrary code by sending a specially crafted request.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
parse-server is vulnerable to Improper Input Validation in versions 3.0.0 - 6.5.4.
How to fix this
Upgrade the parse-server library to the patch version.
Links
GitHub Releases
Fix Commits
github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179bhttps://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b
github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6ehttps://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e
Are You Affected?
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant