Vulnerabilities (CVE)

Vendor filter

Mongoosejs Subscribe

Product filter

Mongoose Subscribe


1 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17426 1 Mongoosejs 1 Mongoose 2019-10-16 6.4
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter....