diegohaz/bodymen

on GitHub

6 releases

new releases every 8 months 1 week

last release was 02/16/2020

last checked today at 5:15 AM

Body parser middleware for MongoDB, Express and Nodejs (MEN)

CVE History

CVE	Published	CVSS v2	CVSS v3
CVE-2019-10792	February 18, 2020	6.3 MEDIUM	6.5 MEDIUM
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.