Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongoose vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-26529
The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7-6.18 (compiled with mbedTLS support) is vulnerable to remote OOB write attack via connection request after exhausting memory pool.
Cesanta Mongoose
Cesanta Mongoose 7.0
4
CVSSv2
CVE-2016-10533
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and previous versions and 3.0.X up to and including 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all th...
Express-restify-mongoose Project Express-restify-mongoose
5
CVSSv2
CVE-2009-4530
Mongoose 2.8.0 and previous versions allows remote malicious users to obtain the source code for a web page by appending ::$DATA to the URI.
Sergey Lyubka Mongoose
Sergey Lyubka Mongoose 2.4
5
CVSSv2
CVE-2017-7185
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and previous versions and Mongoose OS 1.2 and previous versions allows remote malicious users to cause a denial of service (crash) vi...
Cesanta Mongoose Os
Cesanta Mongoose Embedded Web Server Library
1 EDB exploit
5
CVSSv2
CVE-2022-25299
This affects the package cesanta/mongoose prior to 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable malicious users to write files to arbitrary locations outside the designated target folder.
Cesanta Mongoose
NA
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose before 6.4.6.
Mongoosejs Mongoose
7.5
CVSSv2
CVE-2018-20355
An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
7.5
CVSSv2
CVE-2018-20356
An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and previous versions allows a denial of service (application crash) or remote code execution.
Cesanta Mongoose
5
CVSSv2
CVE-2009-4535
Mongoose 2.8.0 and previous versions allows remote malicious users to obtain the source code for a web page by appending a / (slash) character to the URI.
Valenok Mongoose
2 EDB exploits
NA
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose before 7.3.4.
Mongoosejs Mongoose
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254
CVE-2024-32515
CVE-2024-21338
validation
CVE-2024-32522
dos
CVE-2024-2101
CVE-2024-21107
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »