CVE-2019-10758: MongoDB mongo-express Remote Code Execution Vulnerability

CVE ID

CVE-2019-10758

Vulnerability Name

MongoDB mongo-express Remote Code Execution Vulnerability

• Project: MongoDB
• Product: mongo-express

Date

• Date Added: 2021-12-10
• Due Date: 2022-06-10

Description

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-10758

Related Security News

• MongoDB warns admins to patch severe RCE flaw immediately

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List