Description

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Remediation

References

https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403

Related Vulnerabilities

CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe

CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog

CVE-2021-44550 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp

CVE-2018-18628 Vulnerability in maven package ro.pippo:pippo-session

CVE-2013-7380 Vulnerability in npm package ep_imageconvert

Severity

High

Classification

CWE-754 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Third Party Advisory