GHSA-f825-f98c-gj3g

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-f825-f98c-gj3g/GHSA-f825-f98c-gj3g.json
Aliases
  • CVE-2022-2564
Published
2022-07-29T00:00:18Z
Modified
2022-08-11T22:11:23Z
Details

Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.\n\nAffected versions of this package are vulnerable to Prototype Pollution. The Schema.path() function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.

References

Affected packages

npm / mongoose

mongoose

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
6.4.6

Affected versions