Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work arou...
CVSS: 9.1
AI Score: 9
EPSS: 0.002
CVSS: 9.8
AI Score: 8.1
EPSS: 0.006
CVSS: 9.8
AI Score: 9.3
EPSS: 0.002