vulnerability

Mongo Express: CVE-2019-10758: Improper Control of Generation of Code

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Dec 24, 2019	Aug 14, 2025	Aug 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Dec 24, 2019

Added

Aug 14, 2025

Modified

Aug 14, 2025

Description

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.

Solution

mongo-express-upgrade-latest

References

CVE-2019-10758
https://attackerkb.com/topics/CVE-2019-10758
URL-https://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215
CWE-94

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today