61 matches found
Mongoose Injection Vulnerability
Mongoose is an open-source MongoDB object modeling framework developed by Automattic. It is designed to work in asynchronous environments. Prior to versions 6.13.9, 7.8.9, 8.22.1, and 9.1.6, Mongoose had an injection vulnerability. This vulnerability stemmed from bypassing the sanitizeFilter quer...
Linux Distros Unpatched Vulnerability : CVE-2023-34188
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker ca...
Linux Distros Unpatched Vulnerability : CVE-2020-25887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. CVE-2020-25887 Note that Nessus relies on the presence of th...
Linux Distros Unpatched Vulnerability : CVE-2026-5245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...
@a-la-fois/api (>=0.0.25 <=0.0.39), @a-la-fois/doc-client (>=0.0.1 <=0.0.39) +115 more potentially affected by CVE-2026-42334 via mongoose (>=7.0.0 <=7.8.8)
mongoose NPM version =7.0.0, =0.0.25, =0.0.1, =0.0.25, =0.0.1, =0.0.25, =3.12.0, =1.0.0, =1.0.6, =0.2.0, =0.2.0, =0.0.0, =1.0.2, =1.0.0, =7.6.10, =7.8.6 and more Source cves: CVE-2026-42334 Source advisory: SNYK:JS-MONGOOSE-16425765...
@a-la-fois/api (>=0.0.25 <=0.0.39), @a-la-fois/doc-client (>=0.0.1 <=0.0.39) +115 more potentially affected by CVE-2026-42334 via mongoose (>=7.0.0 <=7.8.8)
mongoose NPM version =7.0.0, =0.0.25, =0.0.1, =0.0.25, =0.0.1, =0.0.25, =3.12.0, =1.0.0, =1.0.6, =0.2.0, =0.2.0, =0.0.0, =1.0.2, =1.0.0, =7.6.10, =7.8.6 and more Source cves: CVE-2026-42334 Source advisory: OSV:GHSA-WPG9-53FQ-2R8H...
01runmodel (>=1.0.3 <=1.0.4), 1405-authtokens (>=1.0.1 <=1.0.5) +9318 more potentially affected by CVE-2026-42334 via mongoose (>=1.0.0 <=6.13.8)
mongoose NPM version =1.0.0, =1.0.3, =1.0.1, =1.0.0, =1.0.0, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-42334 Source advisory: OSV:GHSA-WPG9-53FQ-2R8H...
@albertoielpo/kk-cli (>=1.1.0 <=1.1.2), @cyberskill/shared (>=2.20.0 <=2.27.0) +12 more potentially affected by CVE-2026-42334 via mongoose (>=9.0.0 <=9.1.5)
mongoose NPM version =9.0.0, =1.1.0, =2.20.0, =11.0.36, =11.7.0, =0.261.0, =0.98.0, =1.1.1, =9.0.0, =2.0.0, =1.0.2, =18.16.6, =18.17.2 Source cves: CVE-2026-42334 Source advisory: SNYK:JS-MONGOOSE-16425765...
PT-2026-37266
Name of the Vulnerable Software and Affected Versions Mongoose versions prior to 6.13.9 Mongoose versions prior to 7.8.9 Mongoose versions prior to 8.22.1 Mongoose versions prior to 9.1.6 Description A flaw in the sanitizeFilter query sanitization mechanism allows it to be bypassed using the $nor...
EUVD-2026-25661
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...
UBUNTU-CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2009-4530
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the URI...
CVE-2009-4535
Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending a / slash character to the URI...
CVE-2025-23061
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...
VulnCheck KEV: CVE-2024-53900
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection...
EUVD-2009-4496
Malware in sbrugna...
EUVD-2019-4960
Malware in sbrugna...
EUVD-2009-4501
Malware in sbrugna...
Mongoose Security Vulnerability
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose suffers from a buffer overflow vulnerability that stems from a boundary error when the application processes untrusted input, which can be exploited by an attacker to cause an application crash or buff...
Linux Distros Unpatched Vulnerability : CVE-2019-12951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mongoose before 6.15. The parse_mqtt function in mg_mqtt.c has a critical heap-based buffer overflow. CVE-2019-12951 Note that Nessus...