CVE-2024-53900
CVE-2024-53900 affects Mongoose. Before 8.8.3, it can improperly use $where in match, causing NoSQL injection with potential remote code execution (RCE). CVSS is 3.1 base 9.1 (CRITICAL). Mitigation: upgrade Mongoose to 8.8.3 or later; some sources describe continued risk due to incomplete fixes f...