CVE-2025-23061 - Mongoose Search Injection Vulnerability
CVE ID : CVE-2025-23061 Published : Jan. 15, 2025, 5:15 a.m. | 1 hour, 29 minutes ago Description : Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900. Severity: 9.0 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-23061
Published : Jan. 15, 2025, 5:15 a.m. | 1 hour, 29 minutes ago
Description : Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Jan. 15, 2025, 5:15 a.m. | 1 hour, 29 minutes ago
Description : Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
