Headline
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
Related news
GHSA-f825-f98c-gj3g: Prototype pollution Schema.path in automattic/mongoose
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Prototype Pollution. The `Schema.path()` function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
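The guard below is an added illustration, not mongoose's code and not part of the advisory: it shows how a path setter can refuse key chains that reach the Object prototype. It assumes paths are dot-separated strings; `assertSafePath`, `setPath` and `buildTree` are hypothetical names, and the sample paths are constructed.

```javascript
// Added illustration, not mongoose source; every name here is hypothetical.
// Key names that resolve through the prototype chain instead of an own property.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a dotted path and refuse it if any segment is empty or forbidden.
function assertSafePath(path) {
  if (typeof path !== 'string' || path.length === 0) {
    throw new TypeError('path must be a non-empty string');
  }
  const segments = path.split('.');
  for (const segment of segments) {
    if (segment === '' || FORBIDDEN_SEGMENTS.has(segment)) {
      throw new Error('unsafe path segment in ' + JSON.stringify(path));
    }
  }
  return segments;
}

// Set target[a][b][c] = value, following own properties only.
function setPath(target, path, value) {
  const segments = assertSafePath(path);
  const last = segments.pop();
  let node = target;
  for (const segment of segments) {
    const own = Object.prototype.hasOwnProperty.call(node, segment);
    if (!own || node[segment] === null || typeof node[segment] !== 'object') {
      node[segment] = {}; // replace inherited or non-object values with a fresh own object
    }
    node = node[segment];
  }
  node[last] = value;
  return target;
}

// Build a tree from [path, value] pairs, collecting rejected paths for logging.
function buildTree(entries) {
  const tree = {};
  const rejected = [];
  for (const [path, value] of entries) {
    try { setPath(tree, path, value); } catch (err) { rejected.push(path); }
  }
  return { tree, rejected };
}

// Constructed sample input: two ordinary paths and two that target the prototype.
const SAMPLE = [['name', 'String'], ['address.city', 'String'],
  ['__proto__.polluted', 'yes'], ['constructor.prototype.polluted', 'yes']];
console.log(buildTree(SAMPLE).rejected);
```

A guard like this belongs wherever path names derive from untrusted input; for this CVE the fix itself is upgrading mongoose to 6.4.6 or later.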