Product

Mongoose >= 7.0.0, <= 7.8.8

1 brief RSS

Mongoose NoSQL Injection Vulnerability via $nor Operator

Mongoose versions before 6.13.9, versions 7.0.0 through 7.8.8, versions 8.0.0 through 8.22.0, and versions 9.0.0 through 9.1.5 are vulnerable to NoSQL injection due to improper sanitization of the $nor operator, potentially allowing attackers to bypass query sanitization and exfiltrate data.

mongoose < 6.13.9 +3 nosql-injection mongoose sanitizeFilter

2r 1t 35m ago