Tag
Mongoose versions before 6.13.9, versions 7.0.0 through 7.8.8, versions 8.0.0 through 8.22.0, and versions 9.0.0 through 9.1.5 are vulnerable to NoSQL injection due to improper sanitization of the $nor operator, potentially allowing attackers to bypass query sanitization and exfiltrate data.