CVE-2021-23372

Published: Apr 13, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Affected (1)

Products: Mongo Express Project: Mongo Express

Mongo Express Project

1 product

Mongo Express

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mongo Express Project Mongo Express	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403

Source: report@snyk.io

Third Party Advisory

https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.