11 matches found
mongo-express Remote Code Execution
mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
MongoDB mongo-express Remote Code Execution Vulnerability
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method...
VulnCheck KEV: CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method...
mongo-express code execution vulnerability
mongo-express is a lightweight web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express versions prior to 0.54.0. An attacker can exploit this vulnerability to execute code with the help of an endpoint using the toBSON method...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment...
CVE-2019-10758
MongoDB mongo-express ≤0.53.x is vulnerable to Remote Code Execution via endpoints using toBSON, due to unsafe use of the vm module to run exec commands. Affected component: mongo-express server-side routes that invoke toBSON. Root cause: misusing vm to execute commands in a non-safe environment....
Remote Code Execution (RCE)
Overview mongo-express is a web-based MongoDB admin interface written with Node.js, Express and Bootstrap3 Affected versions of this package are vulnerable to Remote Code Execution RCE via endpoints that use the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe...
CVE-2019-10758
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...