GHSA-f825-f98c-gj3g: Prototype pollution Schema.path in automattic/mongoose
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.

Affected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
- CVE-2022-2564
High severity • GitHub Reviewed • Published Jul 29, 2022 • Updated Aug 4, 2022
Package: mongoose (npm)
Affected versions: < 6.4.6
Description
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
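
The bug class described above, shown on a generic dotted-path setter next to a hardened version. This is an added example, not mongoose's code or its fix; the names `setPathNaive`, `setPathSafe`, `demo` and the marker property are hypothetical.

```javascript
// Hypothetical helper (not mongoose code): walks a dotted path and assigns
// the value at the leaf, creating intermediate objects as needed.
function setPathNaive(root, path, value) {
  const parts = path.split('.');
  let node = root;
  for (const key of parts.slice(0, -1)) {
    if (node[key] === undefined) node[key] = {};
    node = node[key]; // "__proto__" resolves to Object.prototype here
  }
  node[parts[parts.length - 1]] = value;
}

const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened variant: rejects prototype-reaching segments and only descends
// into own properties, so inherited objects are never written to.
function setPathSafe(root, path, value) {
  const parts = String(path).split('.');
  for (const key of parts) {
    if (key === '' || FORBIDDEN.has(key)) {
      throw new TypeError(`unsafe path segment in "${path}"`);
    }
  }
  let node = root;
  for (const key of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') {
      node[key] = Object.create(null); // no prototype chain to walk into
    }
    node = node[key];
  }
  node[parts[parts.length - 1]] = value;
}

// Constructed demo: reports what each setter does with a hostile path.
function demo() {
  const marker = 'gr_demo_flag'; // constructed property name
  setPathNaive({}, `__proto__.${marker}`, true);
  const naivePolluted = ({})[marker] === true; // unrelated object sees it
  delete Object.prototype[marker]; // undo the pollution before continuing
  let safeRejected = false;
  try {
    setPathSafe({}, `__proto__.${marker}`, true);
  } catch (e) {
    safeRejected = e instanceof TypeError;
  }
  return { naivePolluted, safeRejected, safePolluted: marker in {} };
}
```

The guard belongs wherever untrusted keys or paths are turned into property writes; upgrading to mongoose 6.4.6 or later remains the fix for the advisory itself.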