Lucene search
+L

61 matches found

vulnersOsv
vulnersOsv
added 2021/10/06 5:47 p.m.4 views

bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +4 more potentially affected by CVE-2021-23372 via mongo-express (>=0.19.0 <=0.53.0)

mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =1.5.0, =1.6.1 Source cves: CVE-2021-23372 Source advisory: OSV:GHSA-M2R3-8492-VX59...

7.5CVSS7.1AI score0.00878EPSS
Exploits0
OSV
OSV
added 2021/10/06 5:47 p.m.20 views

GHSA-M2R3-8492-VX59 Denial of Service (DoS) in mongo-express

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

4.4CVSS7.5AI score0.00878EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/10/06 5:47 p.m.34 views

Denial of Service (DoS) in mongo-express

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

7.5CVSS3.8AI score0.00878EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2021/06/21 7:15 p.m.18 views

CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

8.1CVSS0.0157EPSS
Exploits1References3
Prion
Prion
added 2021/06/21 7:15 p.m.26 views

Code injection

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

4.3CVSS6AI score0.0157EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/06/21 6:45 p.m.117 views

CVE-2021-21422

Summary: CVE-2021-21422 affects mongo-express, a Node.js/Express-based MongoDB admin UI. The issue stems from two XSS vectors: (1) when a cell’s content exceeds the supported size, clicking a row reveals the full document unescaped (requires admin interaction); (2) media-like data cells render as...

8.1CVSS6.3AI score0.0157EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/06/21 6:45 p.m.29 views

CVE-2021-21422 XSS Vulnerability in mongo-express

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

8.1CVSS8.1AI score0.0157EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.6 views

mongo-express 跨站脚本漏洞

mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express that stems from the ability of an unauthorized user to send large amounts of data...

8.1CVSS6.8AI score0.0157EPSS
Exploits1References5
Veracode
Veracode
added 2021/04/14 3:57 a.m.21 views

Denial Of Service (DoS)

mongo-express is vulnerable to denial of service. An attacker is able to crash the application through an unhandled exception by exporting a CSV file containing an empty collection...

7.5CVSS2.7AI score0.00878EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2021/04/13 8:15 p.m.15 views

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

7.5CVSS0.00878EPSS
Exploits0References1
OSV
OSV
added 2021/04/13 8:15 p.m.3 views

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

7.5CVSS7.1AI score0.00878EPSS
Exploits0References1
Prion
Prion
added 2021/04/13 8:15 p.m.17 views

Design/Logic Flaw

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

5CVSS7.5AI score0.00878EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/04/13 3:41 p.m.59 views

Remote code execution in mongo-express

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

9.8CVSS8.9AI score0.74519EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/04/13 3:20 p.m.51 views

CVE-2021-23372

The CVE-2021-23372 entry concerns all versions of mongo-express with a Denial of Service when exporting an empty collection to CSV due to an unhandled exception that crashes the application. Affected software is the mongo-express package (Node.js/Express-based web UI for MongoDB). The root cause ...

7.5CVSS5.9AI score0.00878EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/04/13 3:17 p.m.4 views

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

7.5CVSS5.3AI score0.00878EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.7 views

mongo-express 代码问题漏洞

mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in all versions of mongo-express that stems from an unhandled exception...

7.5CVSS7.3AI score0.00878EPSS
Exploits0References2
NVD
NVD
added 2021/03/30 9:15 p.m.30 views

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

9.8CVSS0.74519EPSS
Exploits0References2
OSV
OSV
added 2021/03/30 9:15 p.m.15 views

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

9.8CVSS6.7AI score
Exploits0References2
Prion
Prion
added 2021/03/30 9:15 p.m.23 views

Design/Logic Flaw

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

7.5CVSS9.4AI score0.74519EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/03/30 8:52 p.m.125 views

CVE-2020-24391

Summary: CVE-2020-24391 affects Mongo-Express before 1.0.0 and enables remote code execution. The Nuclei template describes that it uses unsafe evaluation (safer-eval) to validate user-supplied JavaScript, and that the sandboxing can be bypassed, allowing code execution in the node server context...

9.8CVSS9.3AI score0.74519EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder