CVE-2024-53900

Published Dec 2, 2024

Last updated 5 months ago

Overview

Description: Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.
Source: cve@mitre.org
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-89

Social media

Hype score: Not currently trending
  1. The 'Mongoose' ODM library for MongoDB poses serious threats when exposed, such as unauthorized access, data extraction and remote code execution. Continuous security checks with CTI and ASM, and how to prevent exploitation of CVE-2024-53900 and CVE-2025-23061: https://t.co/ITcv81mufe https://t.co/aokc6hXiLn

    @CriminalIP_AR

    21 Mar 2025

    38 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  2. Mongoose RCE vulnerabilities "CVE-2024-53900" & "CVE-2025-23061". "Mongoose", the ODM library for MongoDB, causes serious security threats when exposed externally, such as unauthenticated access, data leakage, and remote code execution. https://t.co/UjmRYzZVs3

    @CriminalIP_JP

    21 Mar 2025

    110 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

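  3. Mongoose RCE vulnerabilities CVE-2024-53900 & CVE-2025-23061. 'Mongoose', the ODM library for MongoDB, causes serious security threats when exposed externally, such as unauthenticated access, data leakage, and remote code execution. See how to continuously check your security posture with CTI and ASM and how to prevent attacks: https://t.co/Tbl6kf4wW4 https://t.co/G7w2V3Suey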

    @CriminalIP_KR

    21 Mar 2025

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Mongoose RCE Vulnerabilities: CVE-2024-53900 & CVE-2025-23061 The Mongoose ODM library for MongoDB creates significant security risks when exposed, enabling unauthenticated access, data leakage, and remote code execution. Learn more about proactive security checks and how to

    @CriminalIP_US

    20 Mar 2025

    85 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🟡Critical MongoDB Vulnerabilities Two severe flaws (CVE-2024-53900 & CVE-2025-23061) in the Mongoose library enable data theft & remote code execution. Patch immediately to v8.9.5. Unpatched systems remain at risk. 🔗https://t.co/lmI3WLb7K1 #CyberSecurity #MongoDB #I

    @Osec__

    5 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    26 Feb 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    26 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    25 Feb 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    24 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    22 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2024-53900

    @transilienceai

    22 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Critical vulnerabilities (CVE-2024-53900, CVE-2025-23061) found in Mongoose ODM can lead to data theft and RCE for MongoDB apps. Patches released, upgrades recommended. ⚠️🔒 #MongoDB #DataSecurity #USA link: https://t.co/WhUM0A40IJ https://t.co/EaWm2TDd2k

    @TweetThreatNews

    21 Feb 2025

    18 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ⚠️ Vulnerability Alert: Critical Flaws in Mongoose Library Expose MongoDB to Data Theft and Code Execution 📅 Timeline: Disclosure: 2024-11-01 Patch: 2025-02-20 📌 Attribution: Identified by security researcher Dat Phung. 🆔 cveId: CVE-2024-53900 📊 baseScore: 9.1 📏… https:

    @syedaquib77

    21 Feb 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. CVE-2024-53900 and CVE-2025-23061 give me an intense sense of déjà vu. Specifically, TSG CTF 2023.

    @st98_

    26 Jan 2025

    1567 Impressions

    0 Retweets

    17 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  15. Threat Alert: Critical MongoDB Vulnerability: Search Injection Flaw Affects Millions of Apps CVE-2025-23061 CVE-2024-53900 Severity: 🔴 High Maturity: 🧨 Trending Learn more: https://t.co/tShbo0HeUj #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    22 Jan 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-53900 Mongoose before 8.8.3 can improperly use $where in match. https://t.co/lKMvwSgY0B

    @CVEnew

    2 Dec 2024

    460 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes