Closed tbhaxor closed 3 years ago
Do you want to request a feature or report a bug?
feature
What is the current behavior?
Mongoose is not filtering malicious payloads. The ODM is supposed to provide such a security feature by default.
If the current behavior is a bug, please provide the steps to reproduce.
I have a complete article posted on dev.to showing how this can be exploited: https://dev.to/tbhaxor/one-step-to-prevent-potential-nosql-injection-in-your-mongodb-application-40f9
What is the expected behavior?
It should filter out the malicious payloads :sweat_smile:
For those who are using Express, I have created a middleware for you: https://www.npmjs.com/package/@tbhaxor/mongo-secure
What are the versions of Node.js, Mongoose and MongoDB you are using? Note that "latest" is not a version.
It has nothing to do with Mongoose.
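Added example (not from the issue, from Mongoose, or from the linked mongo-secure package): one common way to do the filtering requested above is to strip `$`-prefixed and dotted keys from parsed request input before it is used in a query filter. The function names and the sample body are constructed for illustration.

```javascript
// Hypothetical helper names; this is an illustration, not a library API.

// Recursively drop keys that MongoDB would read as query operators ("$ne",
// "$where", ...) or as dotted paths, so client input can only act as a value.
function stripOperators(value) {
  if (Array.isArray(value)) return value.map(stripOperators);
  if (value === null || typeof value !== "object") return value;
  // Only walk plain objects (what JSON and query-string parsers produce).
  const proto = Object.getPrototypeOf(value);
  if (proto !== Object.prototype && proto !== null) return value;
  const clean = {};
  for (const [key, inner] of Object.entries(value)) {
    if (key.startsWith("$") || key.includes(".") || key === "__proto__") continue;
    clean[key] = stripOperators(inner);
  }
  return clean;
}

// Express-style middleware (req, res, next). Body and params are shown here;
// the same function can be applied to any other parsed client input.
function sanitizeRequest(req, res, next) {
  for (const part of ["body", "params"]) {
    if (req[part]) req[part] = stripOperators(req[part]);
  }
  next();
}

// Constructed sample: a JSON login body in which "password" carries an
// operator object instead of a string, plus a dotted key and a nested array.
const constructedBody = JSON.parse(
  '{"username":"alice","password":{"$ne":null},' +
  '"profile.role":"admin","tags":[{"$gt":""},"ok"]}'
);

console.log(JSON.stringify(stripOperators(constructedBody)));
```

Stripping keys removes the operator but leaves `password` as an empty object, so a route that expects a string should still check `typeof` on the field before building the filter.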
Duplicate of #3944.