CVE-2019-10758

Summary

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment.

Affected Software

VendorProductVersion RangeStatus
n/amongo-expressAll versions prior to version 0.54.0affected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References