23 matches found
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2019-17426
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
BIT-MONGOOSE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
BIT-MONGOOSE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Code injection
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696
CVE-2023-3696 affects the GitHub repository automattic/mongoose, with the vulnerability present in versions before 7.3.4. The root cause is a prototype pollution flaw in the code path used for object merging. Exploitation details are not provided in the supplied documents, but CVSS metrics indica...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Automattic Mongoose Security Vulnerability
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 7.3.4 that stems from the presence of a prototype pollution vulnerability...
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
CVE-2022-2564 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6...
GHSA-8687-VV9J-HGPH Improper Input Validation in Automattic Mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
Improper Input Validation in Automattic Mongoose
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
Access Control Bypass
Automattic Mongoose is vulnerable to access control bypass. If an attacker injects a bsontype attribute into a query object, Mongoose ignores the query object, allowing an attacker to log into other users' accounts or bypass the token verification during a password reset...
Improper access control
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...