Add CVE-2019-10758

tardc 2020-04-28 12:31:55 +08:00
parent 8b1d79331e
commit 2ec50146b0
2 changed files with 11 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,11 @@
# CVE-2019-10758 Mongo Express Remote Code Execution Vulnerability
Mongo Express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
**Affected version**: mongo-express < 0.54.0
**[FOFA](https://fofa.so/result?qbase64=dGl0bGU9Ik1vbmdvIEV4cHJlc3Mi) query rule**: title="Mongo Express"
# Demo
![](CVE-2019-10758.gif)
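
Review bot: The README states the affected range (`mongo-express < 0.54.0`) but gives no remediation or reference; add a line after **Affected version** saying that upgrading to 0.54.0 or later resolves the issue, and link the upstream advisory so readers can verify the claim. In the description, "endpoints that uses" should be "endpoints that use", and the second sentence is a fragment; joining it to the first (for example "... caused by a misuse of the `vm` dependency ...") would read better. The demo image `![](CVE-2019-10758.gif)` has empty alt text; a short description of what the GIF shows would help when it does not load.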