Lucene search
PRIOn knowledge basePRION:CVE-2016-10533HistoryMay 31, 2018 - 8:29 p.m.
Design/Logic Flaw
2018-05-3120:29:00
PRIOn knowledge base
www.prio-n.com
5
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for GET /User?distinct=password and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.
| CPE | Name | Operator | Version |
|---|---|---|---|
| express-restify-mongoose | le | 2.4.2 | |
| express-restify-mongoose | ge | 3.0.0 | |
| express-restify-mongoose | le | 3.0.1 |
Related
cvelist
cvelist
CVE-2016-10533
2018-04-26 00:00:00
cve
cve
CVE-2016-10533
2018-05-31 20:29:01
github
github
Private Data Disclosure in express-restify-mongoose
2018-10-23 17:14:57
osv
osv
CVE-2016-10533
2018-05-31 20:29:01
Private Data Disclosure in express-restify-mongoose
2018-10-23 17:14:57
nodejs
nodejs
Private Data Disclosure
2016-03-28 17:49:12
nvd
nvd
CVE-2016-10533
2018-05-31 20:29:01