Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10758
Related Vulnerabilities
CVE-2022-25875 Vulnerability in maven package org.webjars.npm:svelte
CVE-2022-39368 Vulnerability in maven package org.eclipse.californium:scandium
CVE-2021-25930 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2017-16155 Vulnerability in npm package fast-http-cli
CVE-2020-15095 Vulnerability in maven package org.webjars.npm:npm