CVE-2021-21422
XSS Vulnerability in mongo-express
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, however this needs admin interaction on cell. 2: Data cells identified as media will be rendered as media, without being sanitized. Example of different renders: image, audio, video, etc. As an example of type 1 attack, an unauthorized user who only can send a large amount of data in a field of a document may use a payload with embedded javascript. This could send an export of a collection to the attacker without even an admin knowing. Other types of attacks such as dropping a database\collection are possible.
mongo-express es una interfaz de administración de MongoDB basada en la web, escrita con Node.js y express. 1: Como se menciona en este tema: https://github.com/mongo-express/mongo-express/issues/577, cuando el contenido de una celda crece más que el tamaño soportado, al hacer clic en una fila se mostrará el documento completo sin escapar, sin embargo esto necesita la interacción del administrador en la celda. 2: Las celdas de datos identificadas como medios de comunicación se renderizarán como medios de comunicación, sin ser saneados. Ejemplo de diferentes renderizados: imagen, audio, video, etc. Como ejemplo de ataque de tipo 1, un usuario no autorizado que sólo puede enviar una gran cantidad de datos en un campo de un documento puede utilizar una carga útil con javascript insertado. Esto podría enviar una exportación de una colección al atacante sin que ni siquiera un administrador lo sepa. Otros tipos de ataques, como la caída de base de datos\colección , son posibles
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2021-06-21 CVE Published
- 2024-03-06 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/mongo-express/mongo-express/issues/577 | 2024-08-03 | |
| https://github.com/mongo-express/mongo-express/security/advisories/GHSA-7p8h-86p5-wv3p | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/mongo-express/mongo-express/commit/f5e0d4931f856f032f22664b5e5901d5950cfd4b | 2021-06-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mongo-express Project Search vendor "Mongo-express Project" | Mongo-express Search vendor "Mongo-express Project" for product "Mongo-express" | <= 0.54.0 Search vendor "Mongo-express Project" for product "Mongo-express" and version " <= 0.54.0" | node.js |
Affected
| ||||||
| Mongo-express Project Search vendor "Mongo-express Project" | Mongo-express Search vendor "Mongo-express Project" for product "Mongo-express" | 1.0.0 Search vendor "Mongo-express Project" for product "Mongo-express" and version "1.0.0" | alpha1 |
Affected
| ||||||
| Mongo-express Project Search vendor "Mongo-express Project" | Mongo-express Search vendor "Mongo-express Project" for product "Mongo-express" | 1.0.0 Search vendor "Mongo-express Project" for product "Mongo-express" and version "1.0.0" | alpha3 |
Affected
| ||||||