Name of the Vulnerable Software and Affected Versions marsdb versions all

Description The issue allows attackers to run arbitrary commands in the system due to unsanitized selectors on $where clauses being passed to a Function constructor in the DocumentMatcher class. This enables Command Injection attacks when the function is executed.

Recommendations For marsdb versions all, consider using an alternative package until a fix is made available.