Mongo-Express Vulnerability List
Found 2 vulnerabilities related to Mongo-Express
- CVE-2019-10758: Mongo-Express Remote Code Execution POC
  mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method, due to a misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. Shodan: http.title:"Mongo Express" Fofa: title="Mongo Express"
- CVE-2020-24391: Mongo-Express - Remote Code Execution POC
  Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user-supplied JavaScript. Unfortunately, safer-eval's sandboxing capabilities are easily bypassed, leading to remote code execution in the context of the Node server.