{"id":"GHSA-5mrr-rgp6-x4gr","summary":"Command Injection in marsdb","details":"All versions of `marsdb` are vulnerable to Command Injection. In the `DocumentMatcher` class, selectors on `$where` clauses are passed to a Function constructor unsanitized. This allows attackers to run arbitrary commands in the system when the function is executed.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.","modified":"2020-08-31T18:48:01Z","published":"2020-09-03T19:39:05Z","database_specific":{"severity":"CRITICAL","cwe_ids":["CWE-77"],"github_reviewed":true,"nvd_published_at":null,"github_reviewed_at":"2020-08-31T18:48:01Z"},"references":[{"type":"WEB","url":"https://github.com/bkimminich/juice-shop/issues/1173"},{"type":"WEB","url":"https://www.npmjs.com/advisories/1122"}],"affected":[{"package":{"name":"marsdb","ecosystem":"npm","purl":"pkg:npm/marsdb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-5mrr-rgp6-x4gr/GHSA-5mrr-rgp6-x4gr.json"}}],"schema_version":"1.7.3"}