CVE-2016-10533
HIGHexpress-restify-mongoose < 2.4.2 and 3.0.0-3.0.1 - Exposure of Sensitive Information via Distinct Query Parameter
Title source: llmDescription
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/florianholzapfel/express-restify-mongoose/issues/252
Exploit, Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/92
Scores
CVSS v3
8.8
EPSS
0.0142
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
Status
published
Products (2)
express-restify-mongoose_project/express-restify-mongoose
< 2.4.2
npm/express-restify-mongoose
3.0.0 - 3.1.0npm
Published
May 31, 2018
Tracked Since
Feb 18, 2026