Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
Related Vulnerabilities
CVE-2023-50572 Vulnerability in maven package org.jline:jline-console
CVE-2022-0437 Vulnerability in npm package karma
CVE-2022-31112 Vulnerability in npm package parse-server
CVE-2022-36033 Vulnerability in maven package org.jsoup:jsoup
CVE-2022-21213 Vulnerability in maven package org.webjars.npm:mout