Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Automattic Mongoose 输入验证错误漏洞
Vulnerability Description
Automattic Mongoose是一款用于异步环境的MongoDB对象建模工具。 Automattic Mongoose 5.7.4及之前版本中存在安全漏洞。攻击者可利用该漏洞绕过访问控制。
CVSS Information
N/A
Vulnerability Type
N/A