9 matches found
GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose
Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...
Prototype Pollution in ali-security/mongoose
Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +3991 more potentially affected by CVE-2023-3696 via mongoose (>=1.0.0 <=5.13.2)
mongoose NPM version =1.0.0, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.17.6, =0.0.1, =1.0.16, =1.0.30, =3.7.0, =3.8.2 and more Source cves: CVE-2023-3696 Source advisory: OSV:GHSA-9M93-W8W6-76HH...
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696
CVE-2023-3696 affects the GitHub repository automattic/mongoose, with the vulnerability present in versions before 7.3.4. The root cause is a prototype pollution flaw in the code path used for object merging. Exploitation details are not provided in the supplied documents, but CVSS metrics indica...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
CVE-2023-3696 Prototype Pollution in automattic/mongoose
Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...
Cesanta Mongoose Web Server < 7.3.4 Prototype Pollution Vulnerability
Cesanta Mongoose Web Server is prone to a prototype pollution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...