Vulnerabilities

CVE-2025-23061

by Fred · 15/01/2025

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900.

More information : https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md

Similar

Tags: Cybersecurity Alert