7 matches found
NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...
GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...
GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...
@colmena/api (=0.1.0), agneta-platform (>=0.13.0-beta.1 <=0.13.0-beta.9) +21 more potentially affected by unknown CVE via loopback-connector-mongodb (>=1.13.3 <=3.2.1)
loopback-connector-mongodb NPM version =1.13.3, =0.13.0-beta.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.4, =1.0.1, =0.1.1, =1.7.0, =1.7.61 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M734-R4G6-34F9...
NoSQL Injection in loopback-connector-mongodb
Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...
NoSQL Injection
Overview Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later. References -...
NoSQL Injection
loopback-connector-mongodb is susceptible to NoSQL injection attack. The buildWhere and buildSort functions fail to sanitize the filter passed to the database query, allowing the attacker to inject and execute arbitrary NoSQL queries...