- Description
- Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Prior to 6.13.9, 7.8.9, 8.22.1, and 9.1.6, a vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the $nor operator. When sanitizeFilter is enabled, Mongoose wraps query operators in $eq to neutralize them. However, prior to the fix, $nor was not included in the set of logical operators that are recursively sanitized. Because $nor accepts an array (like $and and $or), and arrays do not trigger hasDollarKeys(), malicious operators such as $ne, $gt, or $regex could be injected inside a $nor clause without being sanitized. This vulnerability is fixed in 6.13.9, 7.8.9, 8.22.1, and 9.1.6.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- mongoose
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "CBB0B526-FA31-4FBF-B978-BFF89CD1C4F8",
"versionEndExcluding": "6.13.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3B4DE619-C57D-47BF-8C59-7426C057D9E5",
"versionEndExcluding": "7.8.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "CFC38AA7-F763-4259-B609-07C374E94A10",
"versionEndExcluding": "8.22.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A849EB68-502F-4B87-B7D9-5021F2F17D5C",
"versionEndExcluding": "9.1.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]