CVE-2021-23372

MEDIUM4.4EPSS 0.31%

Denial of Service (DoS) in mongo-express

Published: 10/6/2021Modified: 3/16/2026

Description

All versions of package mongo-express are vulnerable to Denial of Service (DoS) when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash.

Affected packages (1)

npm/mongo-expressfrom 0, <= 0.54.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23372
PATCHhttps://github.com/mongo-express/mongo-express
WEBhttps://snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403