Details
Alert Id 40033
Alert Type Active Scan Rule
Status alpha
Risk High
CWE 943
WASC 19

Summary

MongoDB query injection may be possible.

Solution

Do not trust client-side input, and escape all data on the server side. Avoid using query input directly in the where and group clauses, and upgrade all drivers to the latest available version.
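
One way to apply this advice on the server, shown as an added example that is not part of the ZAP documentation or the scan rule's code. It validates a parsed JSON body before any value reaches a MongoDB filter; the function names and the username/email fields are assumptions.

```javascript
// Added example: server-side validation of values destined for a MongoDB filter.
// Function names and field names are assumptions, not from the ZAP rule.

// Recursively look for any key MongoDB would interpret as an operator
// ("$where", "$ne", "$group", ...) or as a dotted path. Returns the offending
// path, or null when the input contains only plain data keys.
function findOperatorKey(value, path = "") {
  if (value === null || typeof value !== "object") return null;
  for (const key of Object.keys(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) return here;
    const nested = findOperatorKey(value[key], here);
    if (nested) return nested;
  }
  return null;
}

// Build the filter from client input. Every field must be a plain string, so
// an object such as {"$ne": null} can never reach the driver as an operator.
function buildUserFilter(body) {
  const bad = findOperatorKey(body);
  if (bad) throw new TypeError(`operator or dotted key in input: ${bad}`);
  const filter = {};
  for (const field of ["username", "email"]) {
    if (typeof body[field] !== "string") {
      throw new TypeError(`${field} must be a string`);
    }
    filter[field] = { $eq: body[field] }; // explicit equality; value is data only
  }
  return filter;
}

// Wrap the builder so callers get a result object instead of an exception.
function check(body) {
  try { return { ok: true, filter: buildUserFilter(body) }; }
  catch (e) { return { ok: false, error: e.message }; }
}

// Constructed sample inputs, as a JSON body parser would deliver them.
const samples = [
  { username: "alice", email: "alice@example.com" },
  { username: "alice", email: { $ne: null } },
  { username: "alice", $where: "true" },
  { username: ["alice"], email: "alice@example.com" },
];
for (const s of samples) console.log(JSON.stringify(s), "->", JSON.stringify(check(s)));
```

The type check matters as much as the key check: the last sample contains no operator key but is still rejected because an array is not a string.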

References

Code

org/zaproxy/zap/extension/ascanrulesAlpha/MongoDbInjectionScanRule.java