How severe is CVE-2022-24760?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2022-24760?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2022-24760

CRITICAL Year: 2022

CVSS v3 Score

10.0

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-74

View all →

Vulnerability Description

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm.

CVE-2020-26282

CRITICAL

CVSS:10.0(Critical)

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it i...

CWE-742020

CVE-2023-1523

CRITICAL

CVSS:10.0(Critical)

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap...

CWE-742023

CVE-2023-22527

CRITICAL

CVSS:10.0(Critical)

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version...

CWE-742023

CVE-2023-30547

CRITICAL

CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to ra...

CWE-742023

CVE-2023-32314

CRITICAL

CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a h...

CWE-742023

CVE-2024-38366

CRITICAL

CVSS:10.0(Critical)

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which ...

CWE-742024

CVE-2022-24760

Vulnerability Description

Related Vulnerabilities

CVE-2020-26282

CVE-2023-1523

CVE-2023-22527

CVE-2023-30547

CVE-2023-32314

CVE-2024-38366