All vulnerabilities
CVE-2019-10758
MongoDB mongo-express Remote Code Execution Vulnerability
MongoDB — mongo-express
- Added to KEV catalog
- 10 December 2021
- Federal remediation due date
- 10 June 2022
CISA Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-10758
More MongoDB Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services