This repo show CRUD operation in files with nodejs ,Gridfs and mongodb
kijacode / gridfsnodejsfile_upload Goto Github PK
View Code? Open in Web Editor NEWThis repo show CRUD operation in files with nodejs ,Gridfs and mongodb
This repo show CRUD operation in files with nodejs ,Gridfs and mongodb
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.8.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mongoose/package.json
Dependency Hierarchy:
Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.
Publish Date: 2022-08-25
URL: CVE-2022-24304
Base Score Metrics:
Step up your Open Source Security Game with Mend here
A very fast streaming multipart parser for node.js
Library home page: https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/dicer/package.json
Dependency Hierarchy:
This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
Publish Date: 2022-05-20
URL: CVE-2022-24434
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.8.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mongoose/package.json
Dependency Hierarchy:
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
Publish Date: 2022-07-28
URL: CVE-2022-2564
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2564
Release Date: 2022-07-28
Fix Resolution: 5.13.15
Step up your Open Source Security Game with Mend here
A bson parser for node.js and the browser
Library home page: https://registry.npmjs.org/bson/-/bson-1.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/bson/package.json
Dependency Hierarchy:
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.
Publish Date: 2020-03-31
URL: CVE-2019-2391
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2391
Release Date: 2020-09-29
Fix Resolution (bson): 1.1.4
Direct dependency fix Resolution (mongoose): 5.8.2
Step up your Open Source Security Game with Mend here
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/minimist/package.json
Dependency Hierarchy:
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-03-17
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (multer): 1.4.4-lts.1
Step up your Open Source Security Game with Mend here
A bson parser for node.js and the browser
Library home page: https://registry.npmjs.org/bson/-/bson-1.1.3.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/bson/package.json
Dependency Hierarchy:
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
Publish Date: 2020-03-30
URL: CVE-2020-7610
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-01
Fix Resolution (bson): 1.1.4
Direct dependency fix Resolution (mongoose): 5.8.2
Step up your Open Source Security Game with Mend here
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/minimist/package.json
Dependency Hierarchy:
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution (minimist): 0.2.1
Direct dependency fix Resolution (multer): 1.4.3
Step up your Open Source Security Game with Mend here
{G,S}et object values using MongoDB-like path notation
Library home page: https://registry.npmjs.org/mpath/-/mpath-0.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mpath/package.json
Dependency Hierarchy:
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['proto']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
Publish Date: 2021-09-01
URL: CVE-2021-23438
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23438
Release Date: 2021-09-01
Fix Resolution (mpath): 0.8.4
Direct dependency fix Resolution (mongoose): 5.13.9
Step up your Open Source Security Game with Mend here
Expressive query building for MongoDB
Library home page: https://registry.npmjs.org/mquery/-/mquery-3.2.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mquery/package.json
Dependency Hierarchy:
lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., proto) can be copied during a merge or clone operation.
Publish Date: 2020-12-11
URL: CVE-2020-35149
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-12-11
Fix Resolution (mquery): 3.2.3
Direct dependency fix Resolution (mongoose): 5.11.7
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.