Mongo-express before 0.54.0 Insufficient Information Vulnerability
Mongo-express before 0.54.0 suffers from an insufficient information vulnerability.
The information has been provided by Jonathan Leitschuh.
The original article can be found at: https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
Mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. The cause is a misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Mongo-express before 0.54.0
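
A defender-side check for the affected range above, as an added example that is not part of the original advisory or of mongo-express: it walks a parsed `package-lock.json` (the flat `packages` map and the nested `dependencies` tree) and reports mongo-express installs below 0.54.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not mongo-express code): find mongo-express < 0.54.0 in a lockfile.
const FIXED = [0, 54, 0]; // first fixed release named in the advisory

// True when `version` is lower than 0.54.0. Pre-releases of 0.54.0 and
// unparseable versions (git URLs, links) count as affected for manual review.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[^+]+)?(\+.*)?$/.exec(String(version));
  if (!m) return true;
  const v = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return Boolean(m[4]); // same core version: only a pre-release is older
}

// Collect every affected install path from a parsed package-lock.json.
// Handles lockfileVersion 1 (nested "dependencies") and 2/3 ("packages").
function findAffected(lock) {
  const hits = new Map(); // keyed by path so v2 lockfiles are not double-counted
  const check = (path, meta) => {
    if (isAffected(meta && meta.version)) hits.set(path, String(meta && meta.version));
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/mongo-express")) check(path, meta);
  }
  function walk(deps, trail) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "mongo-express") check(path, meta);
      walk(meta && meta.dependencies, path + "/");
    }
  }
  walk(lock.dependencies, "");
  return [...hits]
    .map(([path, version]) => ({ path, version }))
    .sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfile: one affected copy, one fixed copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mongo-express": { version: "0.53.0" },
    "node_modules/admin-ui/node_modules/mongo-express": { version: "0.54.0" },
  },
  dependencies: { "mongo-express": { version: "0.53.0" } },
};
console.log(findAffected(SAMPLE_LOCK));
```

To check a real project, pass `JSON.parse` of its `package-lock.json` contents to `findAffected`; an empty array means no affected copy was found in that lockfile.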