CVE-2024-53900
PUBLISHED
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
Risk Scores
EPSS Score: 52.18% (98.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | mongoose | 7.0.0, 0 |
| Bitnami | mongoose | 0, 7.0.0 |
Timeline
- Oct 21, 2021 CrowdSec Sighting
- Apr 15, 2022 CrowdSec Sighting
- Dec 2, 2024 CVE Published
- Dec 3, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 15, 2025 PoC Published
- Jan 19, 2025 PoC Published
- Jan 22, 2025 PoC Published
- Jan 29, 2025 Coalition ESS Score
- Feb 9, 2025 EPSS Score
- Feb 23, 2025 PoC Published
- Feb 24, 2025 PoC Published
References
- https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md
- https://github.com/Automattic/mongoose/commit/c9e86bff7eef477da75a29af62a06d41a835a156
- https://github.com/Automattic/mongoose/releases
- https://github.com/advisories/GHSA-m7xq-9374-9rvx
- https://nvd.nist.gov/vuln/detail/CVE-2024-53900
- https://www.npmjs.com/package/mongoose?activeTab=versions