Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-3696

Good to know:

icon
icon

Date: July 16, 2023

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

Language: JS

Severity Score

Related Resources (8)

https://huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467
https://github.com/Automattic/mongoose
https://nvd.nist.gov/vuln/detail/CVE-2023-3696
https://github.com/Automattic/mongoose/commit/f1efabf350522257364aa5c2cb36e441cf08f1a2
https://github.com/Automattic/mongoose/releases/tag/7.3.3
https://github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d
https://github.com/Automattic/mongoose/commit/e29578d2ec18a68aeb4717d66dd5eb66bae53de1
https://www.mend.io/vulnerability-database/CVE-2023-3696

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

icon

Upgrade Version

Upgrade to version mongoose - 6.11.3,7.3.4

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us