{"id":"CVE-2024-53900","details":"Mongoose before 8.8.3 can improperly use $where in match, leading to search injection.","aliases":["BIT-mongoose-2024-53900","GHSA-m7xq-9374-9rvx"],"modified":"2026-04-10T05:19:00.231253Z","published":"2024-12-02T20:15:08.347Z","references":[{"type":"WEB","url":"https://www.npmjs.com/package/mongoose?activeTab=versions"},{"type":"ADVISORY","url":"https://github.com/Automattic/mongoose/blob/master/CHANGELOG.md"},{"type":"ADVISORY","url":"https://github.com/Automattic/mongoose/releases"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m7xq-9374-9rvx"},{"type":"FIX","url":"https://github.com/Automattic/mongoose/commit/c9e86bff7eef477da75a29af62a06d41a835a156"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/automattic/mongoose","events":[{"introduced":"0"},{"fixed":"15bdccf78ca96c85038346c2ceccb934b1c54f40"},{"introduced":"3d2dc4190446c64e604ea55513b41bf5a9af86c5"},{"fixed":"c79a922e451a0c5b894f0e6917c63fef4c237f4b"},{"introduced":"4e782340cda0c51d2e3e7456a115a94b706f5b2b"},{"fixed":"bb98dcf859b2cf0cc7da9d16d9d09afe445321f3"},{"introduced":"0"},{"last_affected":"408901d70d7cd2d740f826c98f0fe2fd62237df5"},{"introduced":"0"},{"last_affected":"c28cffea0a47ce07a4b154d4435eacfbc72c56d7"},{"fixed":"c9e86bff7eef477da75a29af62a06d41a835a156"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.13.5"},{"introduced":"7.0.1"},{"fixed":"7.8.3"},{"introduced":"8.0.1"},{"fixed":"8.8.3"},{"introduced":"0"},{"last_affected":"7.0.0-rc0"},{"introduced":"0"},{"last_affected":"8.0.0-rc0"}]}}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","1.0.1","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.2","1.0.7","1.0.9","1.1.10","1.1.12","1.1.16","1.1.17","1.1.18","1.1.19","1.1.2","1.1.20","1.1.21","1.1.22","1.1.23","1.1.25","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.9","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.5.0","1.6.0","1.7.2","2.0.0","2.0.1","2.0.2","2.0.3","2.0.4","2.1.0","2.1.1","2.1.2","2.1.3","2.1.4","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.3.0","2.3.1","2.3.10","2.3.11","2.3.12","2.3.2","2.3.3","2.3.4","2.3.5","2.3.6","2.3.7","2.3.8","2.3.9","3.0.1","3.0.3","3.1.0","3.1.1","3.1.2","3.2.0","3.2.1","3.2.2","3.3.0","3.3.1","3.4.0","3.5.0","3.5.1","3.5.2","3.5.4","3.5.5","3.5.6","3.5.7","3.6.0","3.6.0rc1","3.6.1","3.6.2","3.7.2","3.7.3","3.7.4","3.8.0","3.8.1","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.6","3.9.7","4.0.0","4.0.0-rc0","4.0.0-rc1","4.0.0-rc2","4.0.0-rc3","4.0.0-rc4","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.1.0","4.1.1","4.1.10","4.1.11","4.1.12","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1.7","4.1.8","4.1.9","4.10.0","4.10.1","4.10.2","4.10.3","4.10.4","4.10.5","4.10.6","4.10.7","4.10.8","4.11.0","4.11.1","4.11.11","4.11.12","4.11.13","4.11.14","4.11.2","4.11.3","4.11.4","4.11.5","4.11.6","4.11.7","4.11.8","4.11.9","4.12.0","4.12.1","4.12.2","4.12.3","4.12.4","4.12.5","4.12.6","4.13.0","4.13.1","4.13.2","4.13.3","4.13.4","4.13.5","4.13.6","4.13.7","4.13.8","4.2.0","4.2.1","4.2.10","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.3.0","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.4.0","4.4.1","4.4.10","4.4.11","4.4.12","4.4.13","4.4.14","4.4.15","4.4.16","4.4.17","4.4.18","4.4.19","4.4.2","4.4.20","4.4.3","4.4.4","4.4.5","4.4.6","4.4.7","4.4.8","4.4.9","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","4.5.6","4.5.7","4.5.8","4.5.9","4.6.0","4.6.1","4.6.2","4.6.3","4.6.4","4.6.5","4.6.6","4.6.7","4.6.8","4.7.0","4.7.1","4.7.2","4.7.3","4.7.4","4.7.5","4.7.6","4.7.7","4.7.8","4.7.9","4.8.0","4.8.1","4.8.2","4.8.3","4.8.4","4.8.5","4.8.6","4.8.7","4.9.0","4.9.1","4.9.10","4.9.2","4.9.3","4.9.4","4.9.5","4.9.6","4.9.7","4.9.8","4.9.9","5.0.0","5.0.0-rc0","5.0.0-rc1","5.0.0-rc2","5.0.1","5.0.10","5.0.11","5.0.12","5.0.13","5.0.14","5.0.15","5.0.16","5.0.17","5.0.18","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.0.8","5.0.9","5.1.0","5.1.1","5.1.2","5.1.3","5.1.4","5.1.5","5.1.6","5.1.7","5.1.8","5.10.0","5.10.1","5.10.10","5.10.11","5.10.12","5.10.13","5.10.14","5.10.15","5.10.16","5.10.17","5.10.18","5.10.19","5.10.2","5.10.3","5.10.4","5.10.6","5.10.7","5.10.8","5.10.9","5.11.0","5.11.1","5.11.10","5.11.11","5.11.12","5.11.13","5.11.14","5.11.15","5.11.16","5.11.17","5.11.18","5.11.19","5.11.2","5.11.20","5.11.3","5.11.4","5.11.5","5.11.6","5.11.7","5.11.9","5.12.0","5.12.1","5.12.10","5.12.11","5.12.12","5.12.13","5.12.14","5.12.15","5.12.2","5.12.3","5.12.4","5.12.5","5.12.6","5.12.7","5.13.0","5.13.1","5.13.2","5.13.3","5.13.4","5.13.5","5.13.7","5.13.8","5.2.0","5.2.1","5.2.10","5.2.12","5.2.13","5.2.14","5.2.15","5.2.16","5.2.17","5.2.18","5.2.2","5.2.3","5.2.4","5.2.5","5.2.7","5.2.8","5.3.0","5.3.1","5.3.10","5.3.11","5.3.12","5.3.14","5.3.15","5.3.16","5.3.2","5.3.3","5.3.4","5.3.5","5.3.6","5.3.7","5.3.8","5.4.0","5.4.1","5.4.10","5.4.11","5.4.12","5.4.13","5.4.14","5.4.15","5.4.16","5.4.17","5.4.18","5.4.19","5.4.2","5.4.20","5.4.21","5.4.22","5.4.23","5.4.3","5.4.4","5.4.5","5.4.6","5.4.7","5.4.8","5.4.9","5.5.0","5.5.1","5.5.10","5.5.11","5.5.12","5.5.13","5.5.14","5.5.15","5.5.2","5.5.3","5.5.4","5.5.5","5.5.6","5.5.7","5.5.8","5.5.9","5.6.0","5.6.1","5.6.10","5.6.11","5.6.12","5.6.13","5.6.2","5.6.3","5.6.4","5.6.5","5.6.6","5.6.7","5.6.8","5.6.9","5.7.0","5.7.1","5.7.10","5.7.11","5.7.12","5.7.13","5.7.14","5.7.2","5.7.3","5.7.4","5.7.5","5.7.6","5.7.7","5.7.8","5.7.9","5.8.0","5.8.10","5.8.11","5.8.12","5.8.13","5.8.2","5.8.3","5.8.4","5.8.5","5.8.6","5.8.7","5.8.8","5.8.9","5.9.0","5.9.1","5.9.10","5.9.11","5.9.12","5.9.13","5.9.14","5.9.15","5.9.16","5.9.17","5.9.18","5.9.19","5.9.2","5.9.20","5.9.21","5.9.22","5.9.23","5.9.24","5.9.25","5.9.26","5.9.27","5.9.28","5.9.29","5.9.3","5.9.4","5.9.5","5.9.6","5.9.7","5.9.8","5.9.9","6.0.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.14","6.0.15","6.0.2","6.0.3","6.0.4","6.0.5","6.0.6","6.0.7","6.0.8","6.0.9","6.1.0","6.1.1","6.1.2","6.1.3","6.1.4","6.1.5","6.1.6","6.1.7","6.1.8","6.10.0","6.10.1","6.10.2","6.10.3","6.10.4","6.10.5","6.11.0","6.11.1","6.11.2","6.11.3","6.11.4","6.11.5","6.11.6","6.12.0","6.12.1","6.12.2","6.12.4","6.12.5","6.12.6","6.12.7","6.12.8","6.12.9","6.13.0","6.13.1","6.13.2","6.13.3","6.13.4","6.2.10","6.2.11","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","6.2.8","6.2.9","6.3.0","6.3.1","6.3.2","6.3.3","6.3.4","6.3.5","6.3.6","6.3.7","6.3.8","6.3.9","6.4.0","6.4.1","6.4.2","6.4.3","6.4.4","6.5.0","6.5.1","6.5.2","6.5.3","6.5.4","6.5.5","6.6.0","6.6.1","6.6.2","6.6.3","6.6.4","6.6.5","6.6.6","6.6.7","6.7.0","6.7.1","6.7.2","6.7.3","6.7.4","6.7.5","6.8.0","6.8.1","6.8.2","6.8.3","6.8.4","6.8.5","6.9.0","6.9.1","6.9.2","6.9.3","7.0.0-rc0","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5","7.1.0","7.1.1","7.1.2","7.2.0","7.2.1","7.2.2","7.2.3","7.2.4","7.3.0","7.3.1","7.3.2","7.3.3","7.3.4","7.4.0","7.4.1","7.4.2","7.4.3","7.4.4","7.4.5","7.5.0","7.5.1","7.5.2","7.5.3","7.5.4","7.6.0","7.6.1","7.6.10","7.6.11","7.6.12","7.6.13","7.6.2","7.6.3","7.6.4","7.6.5","7.6.6","7.6.7","7.6.8","7.6.9","7.7.0","7.8.0","7.8.1","7.8.2","8.0.0-rc0","8.0.1","8.0.2","8.0.3","8.0.4","8.1.0","8.1.1","8.1.2","8.1.3","8.2.0","8.2.1","8.2.2","8.2.3","8.2.4","8.3.0","8.3.1","8.3.2","8.3.3","8.3.4","8.3.5","8.4.0","8.4.1","8.4.2","8.4.3","8.4.4","8.4.5","8.5.0","8.5.1","8.5.2","8.5.3","8.5.4","8.5.5","8.6.0","8.6.1","8.6.2","8.6.3","8.6.4","8.7.0","8.7.1","8.7.2","8.7.3","8.8.0","8.8.1","8.8.2","test","v4.11.13"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-53900.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}