PT-2021-15469 · Unknown · Mongo-Express

Behnaz Hassanshahi +2 · Published 2021-04-13 · Updated 2021-10-06 · CVE-2021-23372

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

mongo-express versions prior to the fixed version

Description

Exporting an empty collection as CSV raises an unhandled exception that crashes the application, resulting in a Denial of Service (DoS) condition.

Recommendations

For all affected versions, update to a version that includes a fix for the unhandled exception when exporting empty collections as CSV. As a temporary workaround, avoid exporting empty collections as CSV until a patch is available.

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2021-23372
GHSA-M2R3-8492-VX59
SNYK-JS-MONGOEXPRESS-1085403

Affected Products

Mongo-Express