CVE-2019-10758: Code Injection

December 24, 2019 (updated January 2, 2020)

mongo-express is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment.

References

nvd.nist.gov/vuln/detail/CVE-2019-10758

Detect and mitigate CVE-2019-10758 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →