PT-2020-21188 · Mongodb · Mongodb-Query-Parser

Published 2020-09-04 · Updated 2020-09-04

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions: mongodb-query-parser versions prior to 2.0.0

Description: The issue concerns a failure to sanitize queries, which allows an attacker to execute arbitrary code on the system. Parsing a crafted payload is enough; for example, the following input executes touch test-file when parsed: (function () { return (clearImmediate.constructor("return process;")()).mainModule.require("child_process").execSync("touch test-file").toString()})().

Recommendations: Upgrade to version 2.0.0 or later.
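The root cause described above is that query text reaches a JavaScript evaluator, so any expression in the input runs. The defensive pattern is to parse queries as data only and validate the result against an allow-list of operators. The code below is an added example written for this page; it is not the advisory's or the mongodb-query-parser project's code, and it does not reproduce the fix shipped in 2.0.0. It assumes the caller only needs JSON-compatible filters (the shell-style extensions such as ObjectId(...) that the real library accepts are deliberately out of scope), and the operator allow-list, the function names and the sample queries are all constructed for illustration.

```javascript
// Added example: data-only query parsing with an operator allow-list.
// Not from the advisory or the mongodb-query-parser project; the allow-list
// and helper names are assumptions made for this illustration.

// Operators a typical read-only filter needs. $where and $function are
// intentionally absent: MongoDB evaluates them as server-side JavaScript.
const ALLOWED_OPERATORS = new Set([
  '$eq', '$ne', '$gt', '$gte', '$lt', '$lte',
  '$in', '$nin', '$and', '$or', '$nor', '$not',
  '$exists', '$regex', '$size', '$elemMatch',
]);

// Keys that must never appear in a filter, regardless of nesting depth.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Recursively check every key of the parsed document.
function validateNode(node, path) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => validateNode(item, `${path}[${i}]`));
    return;
  }
  if (node === null || typeof node !== 'object') {
    return; // strings, numbers, booleans and null are plain data
  }
  for (const key of Object.keys(node)) {
    if (FORBIDDEN_KEYS.has(key)) {
      throw new Error(`disallowed key "${key}" at ${path}`);
    }
    if (key.startsWith('$') && !ALLOWED_OPERATORS.has(key)) {
      throw new Error(`disallowed operator "${key}" at ${path}`);
    }
    validateNode(node[key], `${path}.${key}`);
  }
}

// Parse a query string without ever evaluating it as code. JSON.parse builds
// objects from data; a function expression such as the advisory's payload is
// simply a syntax error here, not something that gets executed.
function parseQuerySafely(text) {
  if (typeof text !== 'string') {
    throw new TypeError('query must be a string');
  }
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    throw new Error(`query is not valid JSON: ${e.message}`);
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('query must be a JSON object');
  }
  validateNode(parsed, '$');
  return parsed;
}

// Convenience wrapper for callers that only need an accept/reject decision.
function isQueryAccepted(text) {
  try {
    parseQuerySafely(text);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample inputs: a benign filter, the payload quoted in the
// advisory (as a plain string), and a filter using a JavaScript-evaluating
// operator.
const BENIGN_QUERY = '{"name": "alice", "age": {"$gt": 30}, "tags": {"$in": ["a", "b"]}}';
const ADVISORY_PAYLOAD =
  '(function () { return (clearImmediate.constructor("return process;")())' +
  '.mainModule.require("child_process").execSync("touch test-file").toString()})()';
const WHERE_QUERY = '{"$where": "this.age > 30"}';

module.exports = { parseQuerySafely, isQueryAccepted, BENIGN_QUERY, ADVISORY_PAYLOAD, WHERE_QUERY };
```

Run against the constructed inputs, the benign filter parses and the two dangerous inputs are rejected: the advisory's payload fails at JSON.parse because it is not data, and the $where filter fails the operator allow-list. The allow-list is the part a deployment has to own; extend it only with operators the application actually issues.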

Related Identifiers

GHSA-97MG-3CR6-3X4C

Affected Products

Mongodb-Query-Parser