Critical severity · NVD Advisory · Published Mar 30, 2021 · Updated Aug 4, 2024
CVE-2020-24391
Description
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mongodb-query-parser (npm) | < 2.0.0 | 2.0.0 |
Affected products
- mongo-express/mongo-express
References
- github.com/advisories/GHSA-hxmg-hm46-cf62 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-24391 (ghsa, ADVISORY)
- github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a (ghsa, x_refsource_MISC, WEB)
- github.com/mongodb-js/query-parser/issues/16 (ghsa, x_refsource_MISC, WEB)