diegohaz/bodymen on GitHub
Body parser middleware for MongoDB, Express and Nodejs (MEN)
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2019-10792 | 6.3 MEDIUM | 6.5 MEDIUM | |
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. |