61 matches found
bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +4 more potentially affected by CVE-2021-23372 via mongo-express (>=0.19.0 <=0.53.0)
mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =1.5.0, =1.6.1 Source cves: CVE-2021-23372 Source advisory: OSV:GHSA-M2R3-8492-VX59...
GHSA-M2R3-8492-VX59 Denial of Service (DoS) in mongo-express
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
Denial of Service (DoS) in mongo-express
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
Code injection
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
CVE-2021-21422
Summary: CVE-2021-21422 affects mongo-express, a Node.js/Express-based MongoDB admin UI. The issue stems from two XSS vectors: (1) when a cell’s content exceeds the supported size, clicking a row reveals the full document unescaped (requires admin interaction); (2) media-like data cells render as...
CVE-2021-21422 XSS Vulnerability in mongo-express
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
mongo-express 跨站脚本漏洞
mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express that stems from the ability of an unauthorized user to send large amounts of data...
Denial Of Service (DoS)
mongo-express is vulnerable to denial of service. An attacker is able to crash the application through an unhandled exception by exporting a CSV file containing an empty collection...
CVE-2021-23372
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
CVE-2021-23372
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
Design/Logic Flaw
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
Remote code execution in mongo-express
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...
CVE-2021-23372
The CVE-2021-23372 entry concerns all versions of mongo-express with a Denial of Service when exporting an empty collection to CSV due to an unhandled exception that crashes the application. Affected software is the mongo-express package (Node.js/Express-based web UI for MongoDB). The root cause ...
CVE-2021-23372
All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...
mongo-express 代码问题漏洞
mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in all versions of mongo-express that stems from an unhandled exception...
CVE-2020-24391
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...
CVE-2020-24391
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...
Design/Logic Flaw
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...
CVE-2020-24391
Summary: CVE-2020-24391 affects Mongo-Express before 1.0.0 and enables remote code execution. The Nuclei template describes that it uses unsafe evaluation (safer-eval) to validate user-supplied JavaScript, and that the sandboxing can be bypassed, allowing code execution in the node server context...