Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JS-MONGOOSE-472486
- published 10 Oct 2019
- disclosed 10 Jul 2019
- credit xiaofen9
How to fix?
mongoose to version 4.13.21, 5.7.5 or higher.
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Information Exposure. Any query object with a
_bsontype attribute is ignored, allowing attackers to bypass access control.