238 matches found
CVE-2020-35666
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value...
CVE-2020-35666
Steedos Platform (until version 1.21.24) is affected by a NoSQL injection in the /api/collection/findone handler. The underlying issue is inadequate validation of req.body in server/packages/steedos_base.js, which can be exploited using MongoDB operators (e.g., X-User-Id[$ne]=1) to influence quer...
GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...
GHSA-F5CV-XRV9-R8W7 NoSQL injection in express-cart
Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query which...
GitHub Security Lab: Golang : Add MongoDb NoSQL injection sinks
This bug was reported directly to GitHub Security Lab...
GHSA-WFP9-VR4J-F49J NoSQL Injection in sequelize
Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection. Recommendation Upgrade to version 4.12.0 or later...
GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...
NoSQL Injection
Overview Versions of sequelize prior to 4.12.0 are vulnerable to NoSQL Injection. Query operators such as $gt are not properly sanitized and may allow an attacker to alter data queries, leading to NoSQL Injection. Recommendation Upgrade to version 4.12.0 or later References - GitHub Issue - Snyk...
How to Attack and Defend a Prosthetic Arm
The IoT world has long since grown beyond the now-ubiquitous smartwatches, smartphones, smart coffee machines, cars capable of sending tweets and Facebook posts and other stuff like fridges that send spam. Today's IoT world now boasts state-of-the-art solutions that quite literally help people...
NoSQL Injection
Overview Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later. References -...
CVE-2018-1784
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...
Sql injection
IBM API Connect 5.0.0.0 and 5.0.8.4 is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. IBM X-Force ID: 148807...
CVE-2018-1784
The CVE-2018-1784 entry affects IBM API Connect 5.0.0.0–5.0.8.4 due to a NoSQL Injection in the MongoDB connector for the LoopBack framework. Affected component: LoopBack MongoDB connector; root cause: NoSQL injection vulnerability. Impact notes from sources indicate high severity (CVSSv3 base sc...
Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-1784 DESCRIPTION: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework. CVSS Base Score: 7.1 CVSS Temporal Score: See for the current score CVSS...