CVE-2020-24391
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS
Description
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Safe parsing and validation for MongoDB queries (filters), projections, and more.
GitHubWeb-based MongoDB admin interface, written with Node.js and Express
GitHub