Skip to content

Latest commit

 

History

History
 
 

CVE-2019-10758

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

CVE-2019-10758 Mongo Express Remote Code Execution Vulnerability

Mongo Express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment.

Affected version: mongo-express < 0.54.0

FOFA query rule: title="Mongo Express"

Demo