CVE-2019-10758

Sažetak

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.

Reference

https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10758

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

27-10-2025 - 17:12

Objavljeno

24-12-2019 - 22:15