N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-f5cv-xrv9-r8w7

EPSS Score

CWE

CWE-89

Published

9/1/2020

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-f5cv-xrv9-r8w7

GHSA-f5cv-xrv9-r8w7: NoSQL injection in express-cart

Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection.

The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query which allows to insert operators.

These operators can be used to extract the value of the field blindly in the same manner of a blind SQL injection. In this case, the $regex operator is used to guess each character of the token from the start.

Recommendation

Update to version 1.1.8 or later.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-f5cv-xrv9-r8w7

EPSS Score

CWE

CWE-89

Published

9/1/2020

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
express-cart	npm	<= 1.1.7	1.1.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability report explicitly states both customer and admin login handlers pass JSON parameters directly to MongoDB. In Express applications, these would typically be route handler functions processing POST requests. The lack of input sanitization before constructing database queries with user-controlled values (email/password) makes these handlers vulnerable to operator injection. The $regex exploitation pattern confirms direct query object manipulation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

V*rsions o* `*xpr*ss-**rt` ***or* *.*.* *r* vuln*r**l* to NoSQL inj**tion. T** vuln*r**ility is **us** *y t** l**k o* us*r input s*nitiz*tion in t** lo*in **n*l*rs. In *ot* **s*s, t** *ustom*r lo*in *n* t** **min lo*in, p*r*m*t*rs *rom t** JSON *o*

Reasoning

T** vuln*r**ility r*port *xpli*itly st*t*s *ot* *ustom*r *n* **min lo*in **n*l*rs p*ss JSON p*r*m*t*rs *ir**tly to Mon*o**. In `*xpr*ss` *ppli**tions, t**s* woul* typi**lly ** rout* **n*l*r `*un*tions` pro**ssin* `POST` r*qu*sts. T** l**k o* input s*

N/A

Basic Information

Concerned about an active attack path?

GHSA-f5cv-xrv9-r8w7: NoSQL injection in express-cart

Recommendation

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI