mongui

vulnerability arbitrary code injection
severity 6.5
language javascript
registry npm

Overview

mongui is a MongoDB user interface inspired by RockMongo, this package is vulnerable to Arbitrary Code Injection due to unsafe use of the eval() function. Node.js provides the eval() function by default, and is used to translate strings into Javascript code. An attacker can craft a malicious payload to inject arbitrary commands.