EPSS Percentile: 97.6%
mongodb-query-parser is vulnerable to remote code execution (RCE). The vulnerability exists through the use of an unsafe version of safer-eval, and of context-eval in older versions. This vulnerability is related to CVE-2019-10769.
safer-eval
context-eval
github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a
github.com/mongodb-js/query-parser/commit/814b86b50665a3c2647c2f5d8c7f1b3ac3b54984
github.com/mongodb-js/query-parser/issues/16
github.com/mongodb-js/query-parser/pull/22