High severity8.8NVD Advisory· Published Dec 23, 2020· Updated Jun 17, 2026
CVE-2020-35666
CVE-2020-35666
Description
Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Steedos/Platformdescription
- Range: <=1.21.24
Patches
Vulnerability mechanics
References
1- github.com/steedos/steedos-platform/issues/1245nvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.