Security Advisory

CVE-2019-10758

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-24 21:08:36

Last updated 2025-10-21 23:35:54

Assigner snyk

State PUBLISHED

Description

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.

← Browse all CVEs View on cve.org ↗