@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by CVE-2020-24391 via mongodb-query-parser (>=0.0.1 <=1.5.0)

mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: CVE-2020-24391 Source advisory: OSV:GHSA-HXMG-HM46-CF62...

@mongodb-js/compass-aggregations (>=0.0.20 <=4.1.0), @mongodb-js/compass-export-to-language (>=2.2.22 <=2.2.24) +4 more potentially affected by unknown CVE via mongodb-query-parser (>=0.0.1 <=1.5.0)

mongodb-query-parser NPM version =0.0.1, =0.0.20, =2.2.22, =0.0.3, =3.0.0, =1.0.3, =0.0.1, =0.4.2 Source cves: unknown CVE Source advisory: OSV:GHSA-97MG-3CR6-3X4C...

Remote Code Execution in mongodb-query-parser

Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return clearImmediate.constructor"return...

GHSA-97MG-3CR6-3X4C Remote Code Execution in mongodb-query-parser

Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return clearImmediate.constructor"return...

Remote Code Execution

Overview Versions of mongodb-query-parser prior to 2.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize queries, allowing attackers to execute arbitrary code in the system. Parsing the following payload executes touch test-file: 'function return...