You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Snyk Description: ## Overview mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Information Exposure. Any query object with a _bsontype attribute is ignored, allowing attackers to bypass access control.
Remediation
Upgrade mongoose to version 4.13.21, 5.7.5 or higher.
Package Name: mongoose
Package Version: ['4.2.4']
Package Manager: npm
Target File: package.json
Severity Level: medium
Snyk ID: SNYK-JS-MONGOOSE-472486
Snyk CVE: CVE-2019-17426
Snyk CWE: CWE-200
Link to issue in Snyk: https://app.snyk.io/org/cse_rhicksiii91/project/14f822de-b806-4bd7-9ad2-767a7feebe1d
Snyk Description: ## Overview
mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Information Exposure. Any query object with a
_bsontypeattribute is ignored, allowing attackers to bypass access control.Remediation
Upgrade
mongooseto version 4.13.21, 5.7.5 or higher.References
The text was updated successfully, but these errors were encountered: