Denial of Service (DoS) Vulnerability in mongo-express: Crash on Exporting Empty Collection as CSV

Denial of Service (DoS) Vulnerability in mongo-express: Crash on Exporting Empty Collection as CSV

CVE-2021-23372 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Learn more about our Web Application Penetration Testing UK.