mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. The flaw is a misuse of the vm dependency to perform exec commands in a non-safe environment.
[
  {
    "product": "mongo-express",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 0.54.0"
      }
    ]
  }
]