CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability
Project:MongoDB
Product:mongo-express
Date Added:2021-12-10Due Date:2022-06-10
Vulnerability Name
MongoDB mongo-express Remote Code Execution Vulnerability
Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-10758