fix: nosql injection in customer password reset #290

Open
peleg-development wants to merge 1 commit into mrvautin:master from peleg-development:security/fix-critical-vulns

@peleg-development

Security Fixes

| Severity | Issue | File | What's wrong | Fixed |
| --- | --- | --- | --- | --- |
| CRITICAL | NoSQL injection in customer password reset | routes/customer.js:51,511,521 | Three findOne/updateOne calls use unsanitized req.body.email. Attacker sends {"email": {"$gt": ""}} ... | |

Fix details

NoSQL injection in customer password reset

--- a/routes/customer.js
+++ b/routes/customer.js
@@ -51 +51 @@
-    const customer = await db.customers.findOne({ email: req.body.email });
+    const customer = await db.customers.findOne({ email: mongoSanitize(req.body.email) });
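Review bot: At line 51, mongoSanitize(req.body.email) is called, but no hunk in this patch adds a require or import for mongoSanitize in routes/customer.js; please confirm it is already in scope in this file, otherwise the route fails on its first request. It would also be worth rejecting a non-string email before the query (a typeof req.body.email !== 'string' check that returns an error), because the patch does not show what mongoSanitize returns for an object such as {"$gt": ""} and findOne still runs with whatever that value is.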
@@ -511 +511 @@
-    const customer = await db.customers.findOne({ email: req.body.email });
+    const customer = await db.customers.findOne({ email: mongoSanitize(req.body.email) });
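Review bot: The lookup at line 511 and the update at line 521 each call mongoSanitize(req.body.email) separately; sanitize once into a local, for example const email = mongoSanitize(req.body.email);, and use that value in both places so the read and the write cannot drift apart. The patch also carries no regression test: one that posts {"email": {"$gt": ""}} to this route and expects no customer to be matched would pin the fix.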
@@ -521 +521 @@
-    await db.customers.updateOne({ email: req.body.email }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false });
+    await db.customers.updateOne({ email: mongoSanitize(req.body.email) }, { $set: { resetToken: passwordToken, resetTokenExpiry: tokenExpiry } }, { multi: false });
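Review bot: The updateOne filter at line 521 is still built from request input; if the customer document fetched at line 511 is in scope here, filter on its identifier instead, for example { _id: customer._id }, so the write that sets resetToken and resetTokenExpiry can only touch the record that was just looked up. The { multi: false } option is left unchanged by this patch, but updateOne already updates at most one document, so the option can be dropped.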

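The operator payload from the description above, run against a small in-memory stand-in for the query matcher, next to a string-only guard. This is an added example, not code from the pull request or the project; `matches`, `findOne`, `parseEmail`, `lookupForReset` and the sample records are constructed for illustration.

```javascript
// Added illustration: sample records and all helper names are constructed.
const customers = [
  { _id: 1, email: 'alice@example.test' },
  { _id: 2, email: 'bob@example.test' },
];

// Stand-in for how a MongoDB-style filter value is read: a plain value is an
// equality test, an object with $-keys is an operator expression.
function matches(fieldValue, condition) {
  if (condition !== null && typeof condition === 'object') {
    const ops = Object.entries(condition);
    return ops.length > 0 && ops.every(([op, arg]) => {
      if (op === '$gt') return fieldValue > arg;
      if (op === '$ne') return fieldValue !== arg;
      throw new Error('operator not modelled in this sketch: ' + op);
    });
  }
  return fieldValue === condition;
}

function findOne(filter) {
  const hit = customers.find((doc) =>
    Object.entries(filter).every(([key, cond]) => matches(doc[key], cond)));
  return hit || null;
}

// Hypothetical guard: only a string shaped like an address reaches the query.
function parseEmail(input) {
  if (typeof input !== 'string' || input.length > 254) return null;
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(input) ? input : null;
}

// Password-reset lookup, with and without the guard.
function lookupForReset(body, guarded) {
  if (!guarded) return { status: 200, customer: findOne({ email: body.email }) };
  const email = parseEmail(body.email);
  if (email === null) return { status: 400, customer: null };
  return { status: 200, customer: findOne({ email }) };
}

const payload = JSON.parse('{"email": {"$gt": ""}}'); // body from the PR description
console.log(lookupForReset(payload, false)); // operator object selects a record
console.log(lookupForReset(payload, true));  // rejected before any query runs
```

With the guard in place the request is refused on type alone, so the outcome no longer depends on how a sanitizer rewrites an object value.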