How severe is CVE-2024-29027?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2024-29027?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-29027

CRITICAL Year: 2024

CVSS v3 Score

9.0

Critical

Weakness Type

CWE-74

View all →

Vulnerability Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.

CVE-2021-21353

CRITICAL

CVSS:9.0(Critical)

Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a u...

CWE-742021

CVE-2023-22522

CRITICAL

CVSS:9.0(Critical)

This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is abl...

CWE-742023

CVE-2023-43656

CRITICAL

CVSS:9.0(Critical)

matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransform...

CWE-742023

CVE-2024-39604

CRITICAL

CVSS:9.0(Critical)

A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An at...

CWE-742024

CVE-2014-7236

CRITICAL

CVSS:9.1(Critical)

Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.

CWE-742014

CVE-2015-7544

CRITICAL

CVSS:9.1(Critical)

redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary comma...

CWE-742015

CVE-2024-29027

Vulnerability Description

Related Vulnerabilities

CVE-2021-21353

CVE-2023-22522

CVE-2023-43656

CVE-2024-39604

CVE-2014-7236

CVE-2015-7544