CVE-2022-24304 Information

Description

Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.

Reference

https://github.com/Automattic/mongoose/blob/51e758541763b6f14569744ced15cc23ab8b50c6/lib/schema.js#L88-L141 https://github.com/Automattic/mongoose/compare/6.4.5…6.4.6 https://github.com/Automattic/mongoose/commit/a45cfb6b0ce0067ae9794cfa80f7917e1fb3c6f8