| Details | |
|---|---|
| Alert ID | 40033 |
| Alert Type | Active |
| Status | beta |
| Risk | High |
| CWE | 943 |
| WASC | 19 |
| Technologies Targeted | Db / MongoDB |
| Tags | API_2023_API10, HIPAA, OWASP_2017_A01, OWASP_2021_A03, OWASP_2025_A05, PCI_DSS, POLICY_PENTEST, WSTG-V42-INPV-05 |
| More Info | Scan Rule Help |
Summary
MongoDB query injection may be possible.
Solution
Do not trust client-side input, and escape all data on the server side. Avoid using query input directly in the where and group clauses, and upgrade all drivers to the latest available version.
Other Info
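One way to apply the Solution's server-side validation before a MongoDB filter is built, as an added example that is not part of the scan rule or the original page. The function names, the `username` and `tenant` fields, and the sample inputs are assumptions made for illustration.

```javascript
// Added example: validate untrusted input before it reaches a MongoDB filter.
// All names and sample values here are hypothetical / constructed.

// Accept only non-empty, bounded strings. Objects, arrays and numbers are
// rejected rather than coerced, so a parsed JSON object cannot stand in
// for a scalar value.
function requireString(value, field, maxLen = 256) {
  if (typeof value !== "string" || value.length === 0 || value.length > maxLen) {
    throw new TypeError(`invalid ${field}`);
  }
  return value;
}

// Recursively detect keys MongoDB would treat as operators ("$...") or as
// dotted field paths, anywhere in the parsed input.
function hasOperatorKey(value) {
  if (value === null || typeof value !== "object") return false;
  return Object.entries(value).some(
    ([key, inner]) => key.startsWith("$") || key.includes(".") || hasOperatorKey(inner)
  );
}

// Build the filter only from validated scalars. Wrapping each value in $eq
// pins it to a literal comparison.
function buildUserFilter(input) {
  if (input === null || typeof input !== "object") throw new TypeError("invalid input");
  if (hasOperatorKey(input)) throw new TypeError("operator key in input");
  return {
    username: { $eq: requireString(input.username, "username") },
    tenant: { $eq: requireString(input.tenant, "tenant") },
  };
}

// Constructed request bodies, as a JSON body parser would deliver them.
const samples = [
  { username: "alice", tenant: "acme" },        // plain strings: accepted
  { username: { $ne: null }, tenant: "acme" },  // operator object: rejected
  { username: ["alice"], tenant: "acme" },      // array instead of string: rejected
];
for (const body of samples) {
  try {
    console.log("accepted:", JSON.stringify(buildUserFilter(body)));
  } catch (err) {
    console.log("rejected:", err.message);
  }
}
```

The resulting object is what would be passed to the driver's query call; the check runs on the server regardless of any client-side validation.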
References
- https://arxiv.org/pdf/1506.04082
- https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.html