NoSQL Injection - MongoDB

Type: Active Scan

Risk: High

Description

MongoDB query injection may be possible.

Solution

Do not trust client side input and escape all data on the server side. Avoid to use the query input directly into the where and group clauses and upgrade all drivers at the latest available version.

References

CWE: 943

WASC: 19

Code

Last updated: 2020-07-20 08:53:37.296Z