mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

EUVD-2021-2220

Malware in sbrugna...

EUVD-2021-1282

Malware in sbrugna...

CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...

Mongo-Express Detection

Binary data mongoexpressdetect.nbin...

Mongo-Express < 0.54.0 RCE (CVE-2019-10758)

Binary data mongoexpressCVE-2019-10758dc.nbin...

Mongo-Express < 0.54.0 RCE

The version of the mongo-express Node.js module installed on the remote host is prior to 0.54.0. It is, therefore, affected by a remote code execution vulnerability via endpoints that use the 'toBSON' method. A misuse of the vm dependency allows performing 'exec' commands in a non-safe environmen...

bem-register (>=1.0.0 <=1.0.5), itstep_server (=0.0.1) +5 more potentially affected by CVE-2023-52555 via mongo-express (>=0.19.0 <=1.0.0-alpha.1)

mongo-express NPM version =0.19.0, =1.0.0, =0.1.1, =1.0.0, =4.6.12, =1.5.0, =1.6.1 Source cves: CVE-2023-52555 Source advisory: OSV:GHSA-FFFG-CWC9-XVJ7...

mongo-express Cross-site Request Forgery vulnerability

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

GHSA-FFFG-CWC9-XVJ7 mongo-express Cross-site Request Forgery vulnerability

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

mongo-express Security Vulnerability

mongo-express is a lightweight, web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express version 1.0.2, which stems from the presence of a cross-site request forgery CSRF vulnerability...

CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

CVE-2023-52555

In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection...

PT-2024-14625 · Unknown · Mongo-Express

Name of the Vulnerable Software and Affected Versions: mongo-express version 1.0.2 Description: The issue allows for Cross-Site Request Forgery CSRF attacks, as demonstrated by the deletion of a Collection through the /admin endpoint. Recommendations: For mongo-express version 1.0.2, consider...

MongoDB mongo-express Remote Code Execution Vulnerability

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method...