0.975 High
EPSS
Percentile
100.0%
mongo-express is vulnerable to remote code execution (RCE). The vulnerability exists as the value of vm of the toBSON method could be misused to perform an arbitrary exec.
vm
toBSON
exec
github.com/mongo-express/mongo-express/commit/c7c9149702d6069aca7913820ad353f52439ab03
github.com/mongo-express/mongo-express/pull/522