Lucene search
K

9 matches found

OSV
OSV
added 2023/10/17 2:21 p.m.53 views

GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

10CVSS8.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/10/17 2:21 p.m.51 views

Prototype Pollution in ali-security/mongoose

Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...

7.3AI score
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2023/07/17 3:30 a.m.5 views

1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +3991 more potentially affected by CVE-2023-3696 via mongoose (>=1.0.0 <=5.13.2)

mongoose NPM version =1.0.0, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.0.1, =0.17.6, =0.0.1, =1.0.16, =1.0.30, =3.7.0, =3.8.2 and more Source cves: CVE-2023-3696 Source advisory: OSV:GHSA-9M93-W8W6-76HH...

10CVSS7.7AI score0.0101EPSS
Exploits1
NVD
NVD
added 2023/07/17 1:15 a.m.36 views

CVE-2023-3696

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

10CVSS0.0101EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/17 12:0 a.m.15 views

CVE-2023-3696 Prototype Pollution in automattic/mongoose

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

10CVSS6.7AI score0.0101EPSS
Exploits1References2
CVE
CVE
added 2023/07/17 12:0 a.m.238 views

CVE-2023-3696

CVE-2023-3696 affects the GitHub repository automattic/mongoose, with the vulnerability present in versions before 7.3.4. The root cause is a prototype pollution flaw in the code path used for object merging. Exploitation details are not provided in the supplied documents, but CVSS metrics indica...

10CVSS9.4AI score0.0101EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/07/17 12:0 a.m.27 views

CVE-2023-3696 Prototype Pollution in automattic/mongoose

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

10CVSS9.3AI score0.0101EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/07/17 12:0 a.m.39 views

CVE-2023-3696 Prototype Pollution in automattic/mongoose

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4...

10CVSS9.7AI score0.0101EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/07/17 12:0 a.m.12 views

Cesanta Mongoose Web Server < 7.3.4 Prototype Pollution Vulnerability

Cesanta Mongoose Web Server is prone to a prototype pollution vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS9.1AI score0.0101EPSS
Exploits1References1
Rows per page
Query Builder