CVE-2024-53900: Mongoose before 8.8.3 can improperly use $where in match.

0.0 CVSS

Description

Mongoose before 8.8.3 can improperly use $where in match.

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Vendor: n/a

Product: n/a

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

2024-12-03 00:12:57 UTC
CVE

Mongoose before 8.8.3 can improperly use $where in match.
2024-12-05 00:32:58 UTC
CVE

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
2025-01-16 15:15:23 UTC
Github Advisory Database (NPM)

[mongoose] Mongoose search injection vulnerability