.avif)
View all vulnerabilities
CVE-2022-2564
automattic/mongoose vulnerable to Prototype pollution via Schema.path
Description
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Prototype Pollution. The `Schema.path()` function is vulnerable to prototype pollution when setting the schema object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
6.9
Score Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected Versions
mongoose >= 6.0.0 < 6.4.6; mongoose < 5.13.15
Severity
Medium
Medium
Medium
Ecosystem
JavaScript
Publish Date
July 28, 2022
Modified Date
December 5, 2023