23 matches found
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2019-17426
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
BIT-MONGOOSE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
BIT-MONGOOSE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Code injection
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696
CVE-2023-3696 affects the GitHub repository automattic/mongoose, with the vulnerability present in versions before 7.3.4. The root cause is a prototype pollution flaw in the code path used for object merging. Exploitation details are not provided in the supplied documents, but CVSS metrics indica...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Automattic Mongoose security vulnerability
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 7.3.4 that stems from the presence of a prototype pollution vulnerability...
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
Improper Input Validation in Automattic Mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
GHSA-8687-VV9J-HGPH Improper Input Validation in Automattic Mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
Access Control Bypass
Automattic Mongoose is vulnerable to access control bypass. If an attacker injects a bsontype attribute into a query object, Mongoose ignores the query object, allowing an attacker to log into other users' accounts or bypass the token verification during a password reset...
Improper access control
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...