mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic due to the improper handling of $where in match queries. An attacker can manipulate search queries to inject malicious code.
Remediation
Upgrade mongoose to version 6.13.5, 7.8.3, 8.8.3 or higher.
References
SNYK-JS-MONGOOSE-8446504
(CVE-2024-53900) [email protected]