GitHub

MongoDB Mongoose Search Injection Vulnerability (CVE-2025-23061)

January 21, 2025

Overview: Recently, NSFOCUS CERT detected a security announcement issued by GitHub that fixed a search injection vulnerability (CVE-2025-23061) in Mongoose, which results from an incomplete fix for CVE-2024-53900. Because Mongoose incorrectly handles the $where filter with match conditions in the populate() method, an unauthenticated attacker can manipulate a search injection when both queries are used, resulting […]
