Lucene search
MitreCVELIST:CVE-2019-17426HistoryOct 10, 2019 - 12:35 a.m.
CVE-2019-17426
2019-10-1000:35:17
mitre
www.cve.org
1
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding “_bsontype”:“a” can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose’s failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).
Related
github
github
Improper Input Validation in Automattic Mongoose
2019-10-22 20:19:54
Prototype Pollution in ali-security/mongoose
2023-10-17 14:21:16
nvd
nvd
CVE-2019-17426
2019-10-10 02:05:46
prion
prion
Improper access control
2019-10-10 02:05:00
cve
cve
CVE-2019-17426
2019-10-10 02:05:46
osv
osv
CVE-2019-17426
2019-10-10 02:05:46
Improper Input Validation in Automattic Mongoose
2019-10-22 20:19:54
Prototype Pollution in ali-security/mongoose
2023-10-17 14:21:16
veracode
veracode
Access Control Bypass
2019-10-11 08:30:52