5 matches found
A vulnerability in the populate() function of the Mongoose library allows an attacker to execute arbitrary code and gain access to read and modify data.
The vulnerability in the populate function of the Mongoose library is related to improper code generation when using the $where operator. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...
A vulnerability in the Mongoose library, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary code and gain access to read and modify data.
The vulnerability in the Mongoose library relates to the lack of protection for the SQL query structure when the $where operator is used. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain access to read and modify data...
GHSA-VG7J-7CWX-8WGW Mongoose search injection vulnerability
Mongoose versions prior to 8.9.5, 7.8.4, and 6.13.6 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access...
GHSA-M7XQ-9374-9RVX Mongoose search injection vulnerability
Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthoriz...
PT-2024-35970
Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 8.8.3
Description: The issue is related to the improper use of the $where operator in Mongoose, which can lead to search injection and potentially allow a remote attacker to execute arbitrary code and gain read and...