BIT-mongoose-2022-2564
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/mongoose/BIT-mongoose-2022-2564.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-mongoose-2022-2564
- Aliases
- Published
- 2024-03-06T10:56:53.276Z
- Modified
- 2025-05-20T10:02:07.006Z
- Summary
- Prototype Pollution in automattic/mongoose
- Details
-
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
- Database specific
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:mongoosejs:mongoose:*:*:*:*:*:node.js:*:*" ] }- References
-
- https://github.com/Automattic/mongoose/blob/51e758541763b6f14569744ced15cc23ab8b50c6/lib/schema.js#L88-L141
- https://github.com/Automattic/mongoose/compare/6.4.5...6.4.6
- https://github.com/automattic/mongoose/commit/a45cfb6b0ce0067ae9794cfa80f7917e1fb3c6f8
- https://huntr.dev/bounties/055be524-9296-4b2f-b68d-6d5b810d1ddd
- https://nvd.nist.gov/vuln/detail/CVE-2022-2564
Affected packages
Bitnami / mongoose
Package
- Name
- mongoose
- Purl
- pkg:bitnami/mongoose
Severity
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator