GHSA-9m93-w8w6-76hh

Source
https://github.com/advisories/GHSA-9m93-w8w6-76hh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-9m93-w8w6-76hh/GHSA-9m93-w8w6-76hh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-9m93-w8w6-76hh
Aliases
Published
2023-07-17T03:30:20Z
Modified
2023-12-06T00:48:04.736853Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
Summary
Mongoose Prototype Pollution vulnerability
Details

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.3, 6.11.3, and 5.13.20.

Database specific
{
    "nvd_published_at": "2023-07-17T01:15:08Z",
    "cwe_ids": [
        "CWE-1321"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T16:57:08Z"
}
References

Affected packages

npm / mongoose

Package

Affected ranges

Type
SEMVER
Events
Introduced
7.0.0
Fixed
7.3.3

Ecosystem specific

{
    "affected_functions": [
        "(mongoose).Model.findByIdAndUpdate"
    ]
}

npm / mongoose

Package

Affected ranges

Type
SEMVER
Events
Introduced
6.0.0
Fixed
6.11.3

Ecosystem specific

{
    "affected_functions": [
        "(mongoose).Model.findByIdAndUpdate"
    ]
}

npm / mongoose

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.13.20

Ecosystem specific

{
    "affected_functions": [
        "(mongoose).Model.findByIdAndUpdate"
    ]
}