| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| parse-server | npm | < 6.5.7 | 6.5.7 |
| parse-server | npm | >= 7.0.0, < 7.1.0 | 7.1.0 |
The commit diff shows critical changes to the SQL escaping logic in these PostgreSQL adapter functions. The vulnerability stems from improper handling of regex patterns containing `\Q...\E` sequences and single quotes. The original implementation's regex replacement pattern (e.g., `.replace(/([^'])'/g, "$1''")`) only doubled a quote that was preceded by a non-quote character, so adjacent or leading quotes could leave an odd number of single quotes in the escaped string, allowing the string literal to be terminated and a query to be injected. The fix introduces more robust escaping by ensuring an even number of quotes and handling the special sequences properly, confirming that these functions were the injection vectors when processing user-controlled regex input for PostgreSQL queries.
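The following is an added example (not parse-server's own code) that models the escaping defect described above from a testing perspective: a weak escaper built on the quoted replacement pattern beside a hardened one that doubles every quote, plus an audit that flags any input for which the escaped body ends up with an odd number of single quotes. The function names, the `quoteCountIsEven` check and the sample inputs are all constructed here and are not from the project.

```javascript
// Added example, not parse-server code. Demonstrates why conditional quote
// doubling leaves unbalanced quotes, and what a correct escaper looks like.

// Weak escaper modelled on the pattern quoted above: a quote is doubled only
// when the preceding character is not itself a quote, so adjacent quotes
// and a quote in the first position are left untouched.
function weakEscape(value) {
  return value.replace(/([^'])'/g, "$1''");
}

// Hardened escaper (assumed form, not the project's exact fix): double every
// single quote unconditionally, which always yields an even quote count.
function safeEscape(value) {
  return value.replace(/'/g, "''");
}

// A string literal body is well-formed only if it contains an even number of
// single quotes; an odd count means one quote can close the literal early.
function quoteCountIsEven(escaped) {
  const count = (escaped.match(/'/g) || []).length;
  return count % 2 === 0;
}

// Wrap an escaped body in quotes the way a literal would be built.
function buildLiteral(value, escape) {
  return "'" + escape(value) + "'";
}

// Run an escaper over sample inputs and report which ones come out unbalanced.
function auditEscaper(escape, samples) {
  return samples.map((input) => {
    const escaped = escape(input);
    return { input, escaped, balanced: quoteCountIsEven(escaped) };
  });
}

// Constructed sample inputs covering the edge cases that matter for the weak
// pattern: adjacent quotes, a leading quote, and quote-free strings.
const SAMPLES = ["abc", "o'neil", "a''b", "'leading", "trailing'", "''", "x'''y"];

// Count how many samples an escaper leaves unbalanced (a regression-style check).
function unbalancedCount(escape) {
  return auditEscaper(escape, SAMPLES).filter((r) => !r.balanced).length;
}

for (const r of auditEscaper(weakEscape, SAMPLES)) {
  console.log(`weakEscape ${JSON.stringify(r.input)} -> ${JSON.stringify(r.escaped)} balanced=${r.balanced}`);
}
console.log("weakEscape unbalanced:", unbalancedCount(weakEscape));
console.log("safeEscape unbalanced:", unbalancedCount(safeEscape));
console.log("literal:", buildLiteral("a''b", safeEscape));
```

The audit is the piece worth keeping around: a unit test that feeds an escaper strings with adjacent and leading quotes and asserts `unbalancedCount` is zero would have caught this class of defect before it reached a query builder.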