Preface: Parse was founded in 2011 by Tikhon Bernstam, Ilya Sukhar, James Yu, and Kevin Lacker, previously at Google and Y Combinator.
Parse is an open source backend-as-a-service (BaaS) framework originally developed by Facebook. On January 28, 2016, Facebook open sourced the Parse Platform and announced that it would shut down the Parse hosting service. However, the application source code allows users to migrate to a self-hosted Parse Server. Parse Server is an open source backend that can be deployed on any infrastructure that can run Node.js.
Background: Parse is a complete application stack for building applications faster, with object and file storage, user authentication, push notifications, a dashboard, and more right out of the box. Compared to Google Firebase, Parse is a set of purely open-source projects for application building and life cycle management.
Vulnerability details: A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database.
Remedy: The algorithm to detect SQL injection has been improved in versions 6.5.7 and 7.1.0.
Workaround: No known workarounds are available.
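Exposure check: Since no workaround exists, the practical question is which deployments meet both conditions above (an unfixed version and a PostgreSQL backend). The following Node.js sketch is an added example, not code from Parse Server or the advisory. It assumes the 7.x line is fixed in 7.1.0 and older lines in 6.5.7, that a `postgres://` or `postgresql://` `databaseURI` indicates the PostgreSQL adapter, and it uses a constructed inventory.

```javascript
// Added example, not Parse Server code. Fixed releases are the two named in the advisory.
const FIXED_6X = [6, 5, 7];
const FIXED_7X = [7, 1, 0];

// Split "7.1.0-alpha.3" into its numeric core and a prerelease flag.
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) throw new Error(`unrecognised version: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], prerelease: Boolean(m[4]) };
}

// True when the parsed version sorts before the fixed release.
function isBefore(v, fixed) {
  for (let i = 0; i < 3; i++) {
    if (v.core[i] !== fixed[i]) return v.core[i] < fixed[i];
  }
  return v.prerelease; // assumption: a prerelease of the fixed version counts as unpatched
}

// Assumption: the 7.x line is fixed in 7.1.0, everything older in 6.5.7.
function isVulnerableVersion(version) {
  const v = parseVersion(version);
  if (v.core[0] > 7) return false;
  return isBefore(v, v.core[0] === 7 ? FIXED_7X : FIXED_6X);
}

// Assumption: a postgres:// or postgresql:// databaseURI means the PostgreSQL adapter is in use.
function usesPostgres(databaseURI) {
  return /^postgres(ql)?:\/\//i.test(String(databaseURI || ''));
}

function assess(version, databaseURI) {
  const vulnerableVersion = isVulnerableVersion(version);
  const postgres = usesPostgres(databaseURI);
  return { vulnerableVersion, postgres, exposed: vulnerableVersion && postgres };
}

// Constructed inventory; hostnames and versions are sample values.
const inventory = [
  { name: 'api-prod', version: '6.5.6', databaseURI: 'postgres://db.example.internal:5432/parse' },
  { name: 'api-stage', version: '7.1.0', databaseURI: 'postgresql://db.example.internal/parse' },
  { name: 'api-legacy', version: '6.2.0', databaseURI: 'mongodb://mongo.example.internal/parse' },
];
for (const d of inventory) {
  const r = assess(d.version, d.databaseURI);
  console.log(`${d.name} ${d.version}: ${r.exposed ? 'EXPOSED, upgrade to 6.5.7 / 7.1.0 or later' : 'not exposed'}`);
}
```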
Official announcement: For details, please refer to https://nvd.nist.gov/vuln/detail/CVE-2024-39309