PT-2020-21354 — SQL injection in Ibm Loopback-Connector-Mongodb

PT-2020-21354 · Ibm · Loopback-Connector-Mongodb

Published

2020-09-02

Updated

2020-09-02

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions loopback-connector-mongodb versions prior to 3.6.0

Description The issue arises from the lack of proper sanitization of filters passed to the database query, leading to NoSQL Injection. This allows for the execution of code on the database driver and can result in data leaks.

Recommendations Upgrade to version 3.6.0 or later.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

GHSA-HXWC-5VW9-2W4W

Affected Products

Loopback-Connector-Mongodb

PT-2020-21354 · Ibm · Loopback-Connector-Mongodb

Weakness Enumeration

Related Identifiers

Affected Products

References · 4