PT-2022-17426 · Mongoose · Mongoose

Vkarpov15 · Published 2022-07-28 · Updated 2024-03-12 · CVE-2022-2564

CVSS v3.1: 7.0 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: mongoose versions prior to 6.4.6

Description: The issue concerns a Prototype Pollution vulnerability in the mongoose package, a MongoDB object modeling tool. This vulnerability affects the Schema.path() function, allowing modification of the Object prototype, which could potentially lead to a Denial of Service (DoS) attack.

Recommendations: For versions prior to 6.4.6, update to version 6.4.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Schema.path() function until a patch is applied.
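One way to apply the interim workaround above, as an added example that is not Mongoose project code: a wrapper that refuses to define a schema path whose dotted segments could reach Object.prototype, plus a check a reviewer can run to confirm the prototype is still clean. The FakeSchema class is a constructed stand-in for a real Mongoose Schema so the block runs without the mongoose package; the function names are assumptions.

```javascript
// Segments that let a dotted path walk onto Object.prototype.
const FORBIDDEN_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

// Returns true when no dotted segment of `path` is a prototype-reaching key.
function isSafeSchemaPath(path) {
  if (typeof path !== "string" || path.length === 0) return false;
  return path.split(".").every((seg) => !FORBIDDEN_SEGMENTS.has(seg));
}

// Wraps schema.path(): reads pass through unchanged, but a write (obj given)
// on an unsafe path is refused before it reaches the vulnerable function.
function guardedSchemaPath(schema, path, obj) {
  if (obj !== undefined && !isSafeSchemaPath(path)) {
    throw new Error(`refusing to define schema path "${path}": unsafe segment`);
  }
  return schema.path(path, obj);
}

// Post-hoc detection: a marker key that was never set on a fresh object must
// not be visible via the prototype chain. `marker` is a constructed name.
function prototypeIsClean(marker = "polluted") {
  return !(marker in {}) && Object.prototype[marker] === undefined;
}

// Constructed stand-in for a Mongoose Schema (hypothetical, not the real class).
class FakeSchema {
  constructor() { this.paths = {}; }
  path(name, obj) {
    if (obj === undefined) return this.paths[name];
    this.paths[name] = obj;
    return this;
  }
}

// Usage: reject an unsafe definition, accept a normal one, then verify cleanliness.
const schema = new FakeSchema();
guardedSchemaPath(schema, "name.first", { type: String });
let refused = false;
try { guardedSchemaPath(schema, "__proto__.polluted", { type: String }); }
catch (e) { refused = true; }
console.log({ refused, clean: prototypeIsClean() });
```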

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

BIT-MONGOOSE-2022-2564
CVE-2022-2564
GHSA-F825-F98C-GJ3G

Affected Products

Mongoose