Search Results | AttackerKB

Show filters

Topics 3 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2023-3696

Disclosure Date: July 17, 2023 (last updated October 08, 2023)

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-2564

Disclosure Date: July 28, 2022 (last updated February 24, 2025)

Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2019-17426

Disclosure Date: October 10, 2019 (last updated November 27, 2024)

Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).

Attack Vector: Network Privileges: None User Interaction: None

0