Skip to main content

Mongo Express

3 CVEs product

Monthly

CVE-2021-21422 npm MEDIUM POC PATCH This Month

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Mongo Express
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-23372 npm HIGH This Week

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mongo Express
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2019-10758 npm CRITICAL POC KEV PATCH THREAT Act Now

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mongo Express
NVD
CVSS 3.1
9.9
EPSS
84.8%
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Mongo Express
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mongo Express
NVD
EPSS 85% CVSS 9.9
CRITICAL POC KEV PATCH THREAT Act Now

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Mongo Express
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy