Description
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. The cause is a misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Remediation
References
https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
Related Vulnerabilities
CVE-2021-3918 Vulnerability in npm package json-schema
CVE-2023-3691 Vulnerability in maven package org.webjars.npm:layui
CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-common_2.11
CVE-2022-25908 Vulnerability in npm package create-choo-electron
CVE-2021-21179 Vulnerability in maven package org.webjars.npm:electron