CVE-2024-53900

Published Dec 2, 2024

Last updated 3 months ago

Overview

Description: Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-89

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    26 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    25 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    24 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    22 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    22 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Critical vulnerabilities (CVE-2024-53900, CVE-2025-23061) found in Mongoose ODM can lead to data theft and RCE for MongoDB apps. Patches released, upgrades recommended. ⚠️🔒 #MongoDB #DataSecurity #USA link: https://t.co/WhUM0A40IJ https://t.co/EaWm2TDd2k

    @TweetThreatNews

    21 Feb 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️ Vulnerability Alert: Critical Flaws in Mongoose Library Expose MongoDB to Data Theft and Code Execution 📅 Timeline: Disclosure: 2024-11-01 Patch: 2025-02-20 📌 Attribution: Identified by security researcher Dat Phung. 🆔 cveId: CVE-2024-53900 📊 baseScore: 9.1 📏… https:

    @syedaquib77

    21 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2024-53900 and CVE-2025-23061 give me a huge sense of déjà vu. Specifically, TSG CTF 2023

    @st98_

    26 Jan 2025

    1567 Impressions

    0 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  9. Threat Alert: Critical MongoDB Vulnerability: Search Injection Flaw Affects Millions of Apps CVE-2025-23061 CVE-2024-53900 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/tShbo0HeUj #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-53900 Mongoose before 8.8.3 can improperly use $where in match. https://t.co/lKMvwSgY0B

    @CVEnew

    2 Dec 2024

    460 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes