diegohaz/bodymen

Releases6

Frequency8 months 1 week

Last Release over 6 years ago

Stars48

Body parser middleware for MongoDB, Express and Nodejs (MEN)

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-10792 ↗	Feb 18, 2020Tuesday, 18 February 2020, 16:15	6.3 MEDIUM	6.5 MEDIUM
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.