5 matches found
Command Injection in marsdb
All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation: No fix is currently...
euro-coin-collector (>=0.0.1 <=1.0.0), forex-news-downloader (>=0.0.2 <=0.5.13) +11 more potentially affected by unknown CVE via marsdb (>=0.4.4 <=0.6.11)
marsdb NPM version =0.4.4, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =2.6.0, =2.8.7 - piedpiper-middle-out =5.8.1 Source cves: unknown CVE Source advisory: OSV:GHSA-5MRR-RGP6-X4GR...
GHSA-5MRR-RGP6-X4GR Command Injection in marsdb
All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation: No fix is currently...
Command Injection
Overview: All versions of marsdb are vulnerable to Command Injection. In the DocumentMatcher class, selectors on $where clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed. Recommendation: No fix is...
Intentionally Insecure Webapp for Security Training: OWASP Juice Shop
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...