mongo-express prior to 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mongo-express project mongo-express |