CVE-2024-53900

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-53900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-53900
Aliases
Published
2024-12-02T20:15:08.347Z
Modified
2026-03-15T22:49:24.619211Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.

References

Affected packages

Git / github.com/automattic/mongoose

Affected ranges

Type
GIT
Repo
https://github.com/automattic/mongoose
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
15bdccf78ca96c85038346c2ceccb934b1c54f40
Introduced
3d2dc4190446c64e604ea55513b41bf5a9af86c5
Fixed
c79a922e451a0c5b894f0e6917c63fef4c237f4b
Introduced
4e782340cda0c51d2e3e7456a115a94b706f5b2b
Fixed
bb98dcf859b2cf0cc7da9d16d9d09afe445321f3
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
408901d70d7cd2d740f826c98f0fe2fd62237df5
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c28cffea0a47ce07a4b154d4435eacfbc72c56d7
Fixed
c9e86bff7eef477da75a29af62a06d41a835a156
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.13.5"
        },
        {
            "introduced": "7.0.1"
        },
        {
            "fixed": "7.8.3"
        },
        {
            "introduced": "8.0.1"
        },
        {
            "fixed": "8.8.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-rc0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.0-rc0"
        }
    ]
}

Affected versions

5.*
5.13.17
6.*
6.10.2
6.10.3
6.10.4
6.10.5
6.11.0
6.11.1
6.11.2
6.11.3
6.11.4
6.11.5
6.11.6
6.12.0
6.12.1
6.12.2
6.12.4
6.12.5
6.12.6
6.12.7
6.12.8
6.12.9
6.13.0
6.13.1
6.13.2
6.13.3
6.13.4
7.*
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.1.0
7.1.1
7.1.2
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.3.0
7.3.1
7.3.2
7.3.3
7.3.4
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.5.0
7.5.1
7.5.2
7.5.3
7.5.4
7.6.0
7.6.1
7.6.10
7.6.11
7.6.12
7.6.13
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9
7.7.0
7.8.0
7.8.1
7.8.2
8.*
8.0.0
8.0.0-rc0
8.0.1
8.0.2
8.0.3
8.0.4
8.1.0
8.1.1
8.1.2
8.1.3
8.2.0
8.2.1
8.2.2
8.2.3
8.2.4
8.3.0
8.3.1
8.3.2
8.3.3
8.3.4
8.3.5
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.5.0
8.5.1
8.5.2
8.5.3
8.5.4
8.5.5
8.6.0
8.6.1
8.6.2
8.6.3
8.6.4
8.7.0
8.7.1
8.7.2
8.7.3
8.8.0
8.8.1
8.8.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53900.json"