CVE-2024-53900

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 2, 2024
Updated: Dec 4, 2024
CWE ID 89

Summary

CVE-2024-53900 is a vulnerability affecting Mongoose, a popular Object Data Mapping library for Node.js, prior to version 8.8.3. This issue permits attackers to inject malicious queries into applications using Mongoose's $where operator in match queries, resulting in unintended data access or modification. An attacker could exploit this vulnerability by crafting a query that bypasses intended access restrictions, potentially leading to data breaches or unauthorized data manipulation. To mitigate this risk, users should upgrade to Mongoose version 8.8.3 or later as soon as possible.
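As an interim guard alongside the upgrade, the sketch below flags affected version strings and rejects any client-supplied match object that contains a $where key at any depth. It is an added example, not code from Mongoose or from this advisory; the function names and the sample object are hypothetical.

```javascript
// Added example; helper names are hypothetical, not Mongoose APIs.
const FIRST_FIXED = [8, 8, 3]; // "prior to version 8.8.3" per the advisory text

// True when an x.y.z version string is older than FIRST_FIXED.
function isAffectedVersion(version) {
  const parts = String(version).split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== FIRST_FIXED[i]) return n < FIRST_FIXED[i];
  }
  return false;
}

// Recursively collect the path of every $where key in an untrusted object.
// Arrays are walked too, so operators such as $or cannot hide the key.
function findWhere(value, path = '', seen = new Set()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return [];
  seen.add(value); // guards against cyclic references
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key === '$where') hits.push(here);
    hits.push(...findWhere(value[key], here, seen));
  }
  return hits;
}

// Reject, rather than strip, so the attempt is visible in error logs.
function assertNoWhere(match) {
  const hits = findWhere(match);
  if (hits.length > 0) {
    throw new Error('$where rejected in untrusted match: ' + hits.join(', '));
  }
  return match;
}

// Constructed sample: a client-supplied match object with a nested $where.
const sampleMatch = {
  status: 'active',
  $or: [{ $where: 'constructed-placeholder' }, { name: 'alice' }],
};

console.log(isAffectedVersion('8.8.2'), findWhere(sampleMatch));
```

Call assertNoWhere on request-derived objects before they reach any Mongoose query or match option; it does not replace upgrading to 8.8.3 or later.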
