GHSA-hxwc-5vw9-2w4w

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak.

Recommendation

Upgrade to version 3.6.0 or later.

Ссылки

https://loopback.io/doc/en/lb3/Security-advisory-08-15-2018.html
https://www.npmjs.com/advisories/767

Пакеты

Наименование

loopback-connector-mongodb

npm

Затронутые версииВерсия исправления

<= 3.5.0

3.6.0

Дефекты

CWE-89

Дефекты

CWE-89