CVE-2022-2564
published 2022-07-28

CVE-2022-2564: Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.

Priority: P3 55 | Severity: critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 32.68% (98.1th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | automattic_mongoose | >= unspecified < 6.4.6 | 6.4.6 |
| cesanta | mongoose | >= 0 < 5.13.15 | 5.13.15 |
| cesanta | mongoose | >= 6.0.0 < 6.4.6 | 6.4.6 |
| mongoosejs | mongoose | < 5.13.15 | 5.13.15 |
| mongoosejs | mongoose | >= 6.0.0 < 6.4.6 | 6.4.6 |
| seal-security | mongoose-fixed | >= 5.3.3 < 5.3.4 | 5.3.4 |

CVSS provenance

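| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.0 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
| ghsa | | 9.1 | CRITICAL | |
| osv | | 9.1 | CRITICAL | |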