{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53538?format=json","vulnerability_id":"VCID-rkuq-2dp1-wkeh","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in mongodb-query-parser.","aliases":[{"alias":"GHSA-97mg-3cr6-3x4c"},{"alias":"GMS-2020-390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78592?format=json","purl":"pkg:npm/mongodb-query-parser@2.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@2.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271602?format=json","purl":"pkg:npm/mongodb-query-parser@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271603?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271604?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271605?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271606?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/271607?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/271608?format=json","purl":"pkg:npm/mongodb-query-parser@0.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/271609?format=json","purl":"pkg:npm/mongodb-query-parser@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271610?format=json","purl":"pkg:npm/mongodb-query-parser@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271612?format=json","purl":"pkg:npm/mongodb-query-parser@0.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271614?format=json","purl":"pkg:npm/mongodb-query-parser@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271616?format=json","purl":"pkg:npm/mongodb-query-parser@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271617?format=json","purl":"pkg:npm/mongodb-query-parser@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271618?format=json","purl":"pkg:npm/mongodb-query-parser@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271619?format=json","purl":"pkg:npm/mongodb-query-parser@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271620?format=json","purl":"pkg:npm/mongodb-query-parser@0.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271621?format=json","purl":"pkg:npm/mongodb-query-parser@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271622?format=json","purl":"pkg:npm/mongodb-query-parser@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271623?format=json","purl":"pkg:npm/mongodb-query-parser@0.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@0.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271624?format=json","purl":"pkg:npm/mongodb-query-parser@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271625?format=json","purl":"pkg:npm/mongodb-query-parser@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271626?format=json","purl":"pkg:npm/mongodb-query-parser@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271627?format=json","purl":"pkg:npm/mongodb-query-parser@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271628?format=json","purl":"pkg:npm/mongodb-query-parser@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271629?format=json","purl":"pkg:npm/mongodb-query-parser@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271630?format=json","purl":"pkg:npm/mongodb-query-parser@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/271631?format=json","purl":"pkg:npm/mongodb-query-parser@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271632?format=json","purl":"pkg:npm/mongodb-query-parser@1.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271633?format=json","purl":"pkg:npm/mongodb-query-parser@1.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/271634?format=json","purl":"pkg:npm/mongodb-query-parser@1.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/271635?format=json","purl":"pkg:npm/mongodb-query-parser@1.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/271636?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271637?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271638?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271639?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/271640?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/271641?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/271642?format=json","purl":"pkg:npm/mongodb-query-parser@1.3.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.3.6"},{"url":"http://public2.vulnerablecode.io/api/packages/271643?format=json","purl":"pkg:npm/mongodb-query-parser@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271644?format=json","purl":"pkg:npm/mongodb-query-parser@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/271645?format=json","purl":"pkg:npm/mongodb-query-parser@1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/271646?format=json","purl":"pkg:npm/mongodb-query-parser@1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.4.3"},{"url":"http://public2.vulnerablecode.io/api/packages/271647?format=json","purl":"pkg:npm/mongodb-query-parser@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/271648?format=json","purl":"pkg:npm/mongodb-query-parser@1.6.0-rc.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nr2n-pfu7-afat"},{"vulnerability":"VCID-rkuq-2dp1-wkeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/mongodb-query-parser@1.6.0-rc.0"}],"references":[{"reference_url":"https://www.npmjs.com/advisories/1448","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.npmjs.com/advisories/1448"},{"reference_url":"https://github.com/advisories/GHSA-97mg-3cr6-3x4c","reference_id":"GHSA-97mg-3cr6-3x4c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97mg-3cr6-3x4c"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":"0.5","weighted_severity":"9.0","risk_score":4.5,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkuq-2dp1-wkeh"}