Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: th…
[netaddr] netaddr before 1.5.3 and 2.0.4 has Incorrect Default Permissions
The netaddr gem before 1.5.3 and 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem.
References
https://nvd.nist.gov/vuln/detail/CVE-2019-17383
https://github.com/dspinhir…