Mongo Express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the toBSON method. The cause is a misuse of the vm dependency to perform exec commands in a non-safe environment.
Affected version: mongo-express < 0.54.0
FOFA query rule: title="Mongo Express"
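
To check your own projects against the affected range above, the following added example (not code from mongo-express or from this advisory) audits a parsed npm lockfile for installed copies of mongo-express below 0.54.0. The lockfile object, its package names other than mongo-express, and the function names are constructed for illustration.

```javascript
// Added example (not mongo-express code): audit an npm lockfile for mongo-express < 0.54.0.
const FIXED = [0, 54, 0]; // first unaffected release, per the advisory text

// True when `version` sorts below 0.54.0. Unparseable values (git URLs, links)
// return true so they get a manual look instead of silently passing.
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) return true;
  const parts = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return Boolean(m[4]); // a prerelease sorts before 0.54.0 in semver, so it is flagged
}

// Walks both lockfile layouts: "packages" (lockfileVersion 2/3) and nested
// "dependencies" (lockfileVersion 1). Returns [{ path, version }] per affected copy.
function findAffected(lock) {
  const hits = new Map(); // install path -> version; de-duplicates files carrying both layouts
  const check = (name, path, meta) => {
    if (name === "mongo-express" && isAffected(meta.version)) hits.set(path, String(meta.version));
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(path.split("node_modules/").pop(), path, meta);
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      check(name, path, meta);
      walk(meta.dependencies, path + "/"); // transitive copies nested under a parent
    }
  };
  walk(lock.dependencies, "");
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed sample lockfile: one affected top-level copy, one fixed nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/mongo-express": { version: "0.53.0" },
    "node_modules/admin-ui/node_modules/mongo-express": { version: "0.54.0" },
  },
  dependencies: {
    "mongo-express": { version: "0.53.0" },
    "admin-ui": { version: "2.1.0", dependencies: { "mongo-express": { version: "0.54.0" } } },
  },
};
console.log(findAffected(sampleLock));
```

In practice, pass the result of `JSON.parse` on your project's `package-lock.json` instead of `sampleLock`.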