Home > Vulnerability Database > WS-2019-0160

Mend.io Vulnerability Database

WS-2019-0160

Good to know:

Date: August 14, 2018

loopback-connector-mongodb befpre 3.6.0 has NoSQL Injection vulnerability. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak.

Language: JS

Severity Score

7.3

Related Resources (2)

Url: https://github.com/strongloop/loopback-connector-mongodb/commit/ee24cd08b8ccc32711264831c71b1da628df357b#diff-567d120f151f51afa9605ebcf0f20106

Url: https://www.mend.io/vulnerability-database/WS-2019-0160

Severity Score

7.3

Weakness Type (CWE)

Code

CWE-17

Injection

CWE-74

SQL Injection

CWE-89

Top Fix

Upgrade Version

Upgrade to version 3.6.0

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2019-0160

Good to know:

Date: August 14, 2018

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?