loopback-connector-mongodb is the official MongoDB connector for the LoopBack framework.
Affected versions of this package are vulnerable to SQL Injection. Improper sanitising of filters passed to the database query, may cause code execution on the database driver and may also lead to data leakage.
loopback-connector-mongodb to version 3.6.0 or higher.
Do your applications use this vulnerable package?
- Nelson Brandão
- Snyk ID
- 15 Jan, 2019
- 20 Jan, 2019