Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Mongo-Express Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2019-10758

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment.

9.9CVSS

9.5AI Score

0.974EPSS

2019-12-24 10:15 PM
879
In Wild
3
cve
cve

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.

9.8CVSS

9.3AI Score

0.479EPSS

2021-03-30 09:15 PM
56