CVE-2019-10758
| CVE Published | 2019-12-24 |
|---|---|
| Related Vendor(s) | mongo-express_project |
| Related Product(s) | mongo-express |
| Exploitation Reported (CISA KEV) | 2021-12-10 |
| CVSS 3 Base Score | 9.9 (CRITICAL) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | NETWORK |
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method. A misuse of the vm dependency to perform exec commands in a non-safe environment.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph