CVE-2016-10533

HIGH

express-restify-mongoose < 2.4.2 and 3.0.0-3.0.1 - Exposure of Sensitive Information via Distinct Query Parameter

Title source: llm
STIX 2.1

Description

express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/florianholzapfel/express-restify-mongoose/issues/252
Exploit, Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/92

Scores

CVSS v3 8.8
EPSS 0.0142
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200
Status published
Products (2)
express-restify-mongoose_project/express-restify-mongoose < 2.4.2
npm/express-restify-mongoose 3.0.0 - 3.1.0npm
Published May 31, 2018
Tracked Since Feb 18, 2026