Lucene search
K

13 matches found

Nuclei
Nuclei
added 4 days ago216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.8AI score0.84845EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.32 views

Mongo-Express < 0.54.0 RCE (CVE-2019-10758)

Binary data mongoexpressCVE-2019-10758dc.nbin...

9.9CVSS9.5AI score0.84845EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.28 views

Mongo-Express < 0.54.0 RCE

The version of the mongo-express Node.js module installed on the remote host is prior to 0.54.0. It is, therefore, affected by a remote code execution vulnerability via endpoints that use the 'toBSON' method. A misuse of the vm dependency allows performing 'exec' commands in a non-safe environmen...

9.9CVSS9.1AI score0.84845EPSS
Exploits3References2
Check Point Advisories
Check Point Advisories
added 2020/01/02 12:0 a.m.52 views

MongoDB mongo-express Remote Code Execution (CVE-2019-10758)

A remote code execution vulnerability exists in MongoDB mongo-express. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

9CVSS5.6AI score0.84845EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2019/12/30 7:30 p.m.9 views

bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +4 more potentially affected by CVE-2019-10758 via mongo-express (>=0.19.0 <=0.53.0)

mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =1.5.0, =1.6.1 Source cves: CVE-2019-10758 Source advisory: OSV:GHSA-H47J-HC6X-H3QQ...

9.9CVSS7.2AI score0.84845EPSS
Exploits3
Circl
Circl
added 2019/12/30 3:36 a.m.31 views

CVE-2019-10758

creationtimestamp| type| source ---|---|--- 2019-12-30 03:36:07+00:00| published-proof-of-concept| https://github.com/mongo-express/mongo-express/security/advisories/GHSA-h47j-hc6x-h3qq 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-03 23:21:18+00:00| seen|...

9.9CVSS7AI score0.84845EPSS
In wildExploits3References9
GithubExploit
GithubExploit
added 2019/12/26 6:58 a.m.117 views

Exploit for Code Injection in Mongo-Express_Project Mongo-Express

CVE-2019-10758 PoC Setup docker run -p 27017:27017 -...

9.9CVSS9.4AI score0.84845EPSS
Exploits3
OSV
OSV
added 2019/12/24 10:15 p.m.33 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

9.9CVSS9.7AI score0.84845EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2019/12/24 9:8 p.m.5 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

7.5AI score0.84845EPSS
Exploits3References1
CVE
CVE
added 2019/12/24 9:8 p.m.1032 views

CVE-2019-10758

MongoDB mongo-express ≤0.53.x is vulnerable to Remote Code Execution via endpoints using toBSON, due to unsafe use of the vm module to run exec commands. Affected component: mongo-express server-side routes that invoke toBSON. Root cause: misusing vm to execute commands in a non-safe environment....

9.9CVSS9.5AI score0.84845EPSS
In wildExploits3References2Affected Software1
Cvelist
Cvelist
added 2019/12/24 9:8 p.m.37 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

9.7AI score0.84845EPSS
Exploits3References1
vulnersOsv
vulnersOsv
added 2019/10/14 10:20 a.m.4 views

bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +4 more potentially affected by CVE-2019-10758 via mongo-express (>=0.19.0 <=0.53.0)

mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =1.5.0, =1.6.1 Source cves: CVE-2019-10758 Source advisory: SNYK:JS-MONGOEXPRESS-473215...

9.9CVSS7.2AI score0.84845EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2019/07/15 12:0 a.m.27 views

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.9CVSS4.6AI score0.84845EPSS
In wildExploits3References2
Rows per page
Query Builder