Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
Related Vulnerabilities
CVE-2021-33561 Vulnerability in maven package com.shopizer:shopizer
CVE-2013-5960 Vulnerability in maven package org.owasp.esapi:esapi
CVE-2022-35915 Vulnerability in npm package openzeppelin-solidity
CVE-2022-43435 Vulnerability in maven package org.jenkins-ci.plugins.plugin:fireline
CVE-2020-14967 Vulnerability in maven package org.webjars.bower:jsrsasign