3 matches found
CVE-2020-24391
creationtimestamp| type| source ---|---|--- 2026-06-24 14:37:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp25bonoel2y...
CVE-2020-24391
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...
CVE-2020-24391
Summary: CVE-2020-24391 affects Mongo-Express before 1.0.0 and enables remote code execution. The Nuclei template describes that it uses unsafe evaluation (safer-eval) to validate user-supplied JavaScript, and that the sandboxing can be bypassed, allowing code execution in the node server context...