CVE-2024-53900

Published December 2nd, 2024

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

N/A

Affected

2

PROJECTS

Description

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.

Mongoose MongoDB ODM

NPM

Automattic/mongoose

MongoDB object modeling designed to work in an asynchronous environment.

GitHub

27.5K