CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc. As an example of type 1 attack, an unauthorized user who only can send a large amount of data in a field of a document may use a payload with embedded javascript. This could send an export of a collection to the attacker without even an admin knowing. Other types of attacks such as dropping a database\collection are possible.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.0%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 4.3

References

Products affected by CVE-2021-21422

Mongo-Express Project » Mongo-Express » Version: 0.10.0

cpe:2.3:a:mongo-express_project:mongo-express:0.10.0
Mongo-Express Project » Mongo-Express » Version: 0.11.0

cpe:2.3:a:mongo-express_project:mongo-express:0.11.0
Mongo-Express Project » Mongo-Express » Version: 0.11.1

cpe:2.3:a:mongo-express_project:mongo-express:0.11.1
Mongo-Express Project » Mongo-Express » Version: 0.11.2

cpe:2.3:a:mongo-express_project:mongo-express:0.11.2
Mongo-Express Project » Mongo-Express » Version: 0.11.3

cpe:2.3:a:mongo-express_project:mongo-express:0.11.3
Mongo-Express Project » Mongo-Express » Version: 0.12.0

cpe:2.3:a:mongo-express_project:mongo-express:0.12.0
Mongo-Express Project » Mongo-Express » Version: 0.13.0

cpe:2.3:a:mongo-express_project:mongo-express:0.13.0
Mongo-Express Project » Mongo-Express » Version: 0.14.0

cpe:2.3:a:mongo-express_project:mongo-express:0.14.0
Mongo-Express Project » Mongo-Express » Version: 0.14.1

cpe:2.3:a:mongo-express_project:mongo-express:0.14.1
Mongo-Express Project » Mongo-Express » Version: 0.15.0

cpe:2.3:a:mongo-express_project:mongo-express:0.15.0
Mongo-Express Project » Mongo-Express » Version: 0.16.0

cpe:2.3:a:mongo-express_project:mongo-express:0.16.0
Mongo-Express Project » Mongo-Express » Version: 0.16.1

cpe:2.3:a:mongo-express_project:mongo-express:0.16.1
Mongo-Express Project » Mongo-Express » Version: 0.17.0

cpe:2.3:a:mongo-express_project:mongo-express:0.17.0
Mongo-Express Project » Mongo-Express » Version: 0.17.1

cpe:2.3:a:mongo-express_project:mongo-express:0.17.1
Mongo-Express Project » Mongo-Express » Version: 0.17.2

cpe:2.3:a:mongo-express_project:mongo-express:0.17.2
Mongo-Express Project » Mongo-Express » Version: 0.17.3

cpe:2.3:a:mongo-express_project:mongo-express:0.17.3
Mongo-Express Project » Mongo-Express » Version: 0.17.4

cpe:2.3:a:mongo-express_project:mongo-express:0.17.4
Mongo-Express Project » Mongo-Express » Version: 0.17.5

cpe:2.3:a:mongo-express_project:mongo-express:0.17.5
Mongo-Express Project » Mongo-Express » Version: 0.2.1

cpe:2.3:a:mongo-express_project:mongo-express:0.2.1
Mongo-Express Project » Mongo-Express » Version: 0.2.2

cpe:2.3:a:mongo-express_project:mongo-express:0.2.2
Mongo-Express Project » Mongo-Express » Version: 0.2.3

cpe:2.3:a:mongo-express_project:mongo-express:0.2.3
Mongo-Express Project » Mongo-Express » Version: 0.27.4

cpe:2.3:a:mongo-express_project:mongo-express:0.27.4
Mongo-Express Project » Mongo-Express » Version: 0.29.10

cpe:2.3:a:mongo-express_project:mongo-express:0.29.10
Mongo-Express Project » Mongo-Express » Version: 0.3.0

cpe:2.3:a:mongo-express_project:mongo-express:0.3.0
Mongo-Express Project » Mongo-Express » Version: 0.3.1

cpe:2.3:a:mongo-express_project:mongo-express:0.3.1
Mongo-Express Project » Mongo-Express » Version: 0.3.2

cpe:2.3:a:mongo-express_project:mongo-express:0.3.2
Mongo-Express Project » Mongo-Express » Version: 0.3.3

cpe:2.3:a:mongo-express_project:mongo-express:0.3.3
Mongo-Express Project » Mongo-Express » Version: 0.3.4

cpe:2.3:a:mongo-express_project:mongo-express:0.3.4
Mongo-Express Project » Mongo-Express » Version: 0.32.0

cpe:2.3:a:mongo-express_project:mongo-express:0.32.0
Mongo-Express Project » Mongo-Express » Version: 0.33.0

cpe:2.3:a:mongo-express_project:mongo-express:0.33.0
Mongo-Express Project » Mongo-Express » Version: 0.34.0

cpe:2.3:a:mongo-express_project:mongo-express:0.34.0
Mongo-Express Project » Mongo-Express » Version: 0.35.0

cpe:2.3:a:mongo-express_project:mongo-express:0.35.0
Mongo-Express Project » Mongo-Express » Version: 0.37.0

cpe:2.3:a:mongo-express_project:mongo-express:0.37.0
Mongo-Express Project » Mongo-Express » Version: 0.37.1

cpe:2.3:a:mongo-express_project:mongo-express:0.37.1
Mongo-Express Project » Mongo-Express » Version: 0.37.2

cpe:2.3:a:mongo-express_project:mongo-express:0.37.2
Mongo-Express Project » Mongo-Express » Version: 0.38.0

cpe:2.3:a:mongo-express_project:mongo-express:0.38.0
Mongo-Express Project » Mongo-Express » Version: 0.39.0

cpe:2.3:a:mongo-express_project:mongo-express:0.39.0
Mongo-Express Project » Mongo-Express » Version: 0.39.1

cpe:2.3:a:mongo-express_project:mongo-express:0.39.1
Mongo-Express Project » Mongo-Express » Version: 0.39.2

cpe:2.3:a:mongo-express_project:mongo-express:0.39.2
Mongo-Express Project » Mongo-Express » Version: 0.4.0

cpe:2.3:a:mongo-express_project:mongo-express:0.4.0
Mongo-Express Project » Mongo-Express » Version: 0.40.0

cpe:2.3:a:mongo-express_project:mongo-express:0.40.0
Mongo-Express Project » Mongo-Express » Version: 0.41.0

cpe:2.3:a:mongo-express_project:mongo-express:0.41.0
Mongo-Express Project » Mongo-Express » Version: 0.42.0

cpe:2.3:a:mongo-express_project:mongo-express:0.42.0
Mongo-Express Project » Mongo-Express » Version: 0.42.1

cpe:2.3:a:mongo-express_project:mongo-express:0.42.1
Mongo-Express Project » Mongo-Express » Version: 0.42.2

cpe:2.3:a:mongo-express_project:mongo-express:0.42.2
Mongo-Express Project » Mongo-Express » Version: 0.42.3

cpe:2.3:a:mongo-express_project:mongo-express:0.42.3
Mongo-Express Project » Mongo-Express » Version: 0.43.0

cpe:2.3:a:mongo-express_project:mongo-express:0.43.0
Mongo-Express Project » Mongo-Express » Version: 0.43.1

cpe:2.3:a:mongo-express_project:mongo-express:0.43.1
Mongo-Express Project » Mongo-Express » Version: 0.44.0

cpe:2.3:a:mongo-express_project:mongo-express:0.44.0
Mongo-Express Project » Mongo-Express » Version: 0.45.0

cpe:2.3:a:mongo-express_project:mongo-express:0.45.0
Mongo-Express Project » Mongo-Express » Version: 0.46.0

cpe:2.3:a:mongo-express_project:mongo-express:0.46.0
Mongo-Express Project » Mongo-Express » Version: 0.46.1

cpe:2.3:a:mongo-express_project:mongo-express:0.46.1
Mongo-Express Project » Mongo-Express » Version: 0.47.0

cpe:2.3:a:mongo-express_project:mongo-express:0.47.0
Mongo-Express Project » Mongo-Express » Version: 0.48.0

cpe:2.3:a:mongo-express_project:mongo-express:0.48.0
Mongo-Express Project » Mongo-Express » Version: 0.48.1

cpe:2.3:a:mongo-express_project:mongo-express:0.48.1
Mongo-Express Project » Mongo-Express » Version: 0.49.0

cpe:2.3:a:mongo-express_project:mongo-express:0.49.0
Mongo-Express Project » Mongo-Express » Version: 0.5.0

cpe:2.3:a:mongo-express_project:mongo-express:0.5.0
Mongo-Express Project » Mongo-Express » Version: 0.50.0

cpe:2.3:a:mongo-express_project:mongo-express:0.50.0
Mongo-Express Project » Mongo-Express » Version: 0.51.0

cpe:2.3:a:mongo-express_project:mongo-express:0.51.0
Mongo-Express Project » Mongo-Express » Version: 0.51.1

cpe:2.3:a:mongo-express_project:mongo-express:0.51.1
Mongo-Express Project » Mongo-Express » Version: 0.51.2

cpe:2.3:a:mongo-express_project:mongo-express:0.51.2
Mongo-Express Project » Mongo-Express » Version: 0.52.0

cpe:2.3:a:mongo-express_project:mongo-express:0.52.0
Mongo-Express Project » Mongo-Express » Version: 0.52.1

cpe:2.3:a:mongo-express_project:mongo-express:0.52.1
Mongo-Express Project » Mongo-Express » Version: 0.52.2

cpe:2.3:a:mongo-express_project:mongo-express:0.52.2
Mongo-Express Project » Mongo-Express » Version: 0.53.0

cpe:2.3:a:mongo-express_project:mongo-express:0.53.0
Mongo-Express Project » Mongo-Express » Version: 0.54.0

cpe:2.3:a:mongo-express_project:mongo-express:0.54.0
Mongo-Express Project » Mongo-Express » Version: 0.6.0

cpe:2.3:a:mongo-express_project:mongo-express:0.6.0
Mongo-Express Project » Mongo-Express » Version: 0.7.0

cpe:2.3:a:mongo-express_project:mongo-express:0.7.0
Mongo-Express Project » Mongo-Express » Version: 0.7.1

cpe:2.3:a:mongo-express_project:mongo-express:0.7.1
Mongo-Express Project » Mongo-Express » Version: 0.8.0

cpe:2.3:a:mongo-express_project:mongo-express:0.8.0
Mongo-Express Project » Mongo-Express » Version: 0.8.1

cpe:2.3:a:mongo-express_project:mongo-express:0.8.1
Mongo-Express Project » Mongo-Express » Version: 0.9.0

cpe:2.3:a:mongo-express_project:mongo-express:0.9.0
Mongo-Express Project » Mongo-Express » Version: 1.0.0

cpe:2.3:a:mongo-express_project:mongo-express:1.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21422

Products

Pricing

Contact Us