Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.12 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS6.7AI score0.0166EPSS
Exploits0References1
OSV
OSV
added 2023/10/17 2:21 p.m.53 views

GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

10CVSS8.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/10/17 2:21 p.m.52 views

Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

7.3AI score
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2019/10/22 8:19 p.m.11 views

01runmodel (>=1.0.3 <=1.0.4), 18a58t9c-upload (>=1.0.0 <=1.0.3) +5655 more potentially affected by CVE-2019-17426 via mongoose (>=5.0.0 <=5.7.4)

mongoose NPM version =5.0.0, =1.0.3, =1.0.0, =1.0.0, =0.20.0, =1.0.4, =1.1.0, =0.1.0, =0.3.5, =0.17.9 and more Source cves: CVE-2019-17426 Source advisory: OSV:GHSA-8687-VV9J-HGPH...

9.1CVSS7.2AI score0.0166EPSS
Exploits0
NVD
NVD
added 2019/10/10 2:5 a.m.24 views

CVE-2019-17426

Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...

9.1CVSS9.1AI score0.0166EPSS
Exploits0References2
CVE
CVE
added 2019/10/10 12:35 a.m.142 views

CVE-2019-17426

Automattic Mongoose up to version 5.7.4 is affected. The root cause is that a query object containing a _bsontype attribute is ignored, which can bypass access control in some applications (e.g., a query filter interference with _bsontype). The CVE covers this behavior in older versions of the bs...

9.1CVSS9AI score0.0166EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder