Summary:
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
Published:
Tuesday, December 24, 2019 - 22:15
cvss:
5.0