Security
Headlines

Headlines Latest CVEs

Headline

GHSA-f825-f98c-gj3g: Prototype pollution Schema.path in automattic/mongoose

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.\n\nAffected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.

2 years ago

#vulnerability #dos #nodejs #git #mongo

GitHub Advisory Database
GitHub Reviewed
CVE-2022-2564

Prototype pollution Schema.path in automattic/mongoose

High severity GitHub Reviewed Published Jul 29, 2022 • Updated Aug 4, 2022

We are still processing this advisory. You may have affected repositories that are not yet on this list. Check back soon for more.

Package

npm mongoose (npm)

Affected versions

< 6.4.6

Description

Related news

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

2 years ago

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

1 day ago

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

1 day ago

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

1 day ago

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

1 day ago

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

2 days ago