This is a simple Node.js / Express / Mongoose application that is vulnerable* to mass assignment.
The code accompanies the article "Avoiding mass assignment vulnerabilities in Node.js" and can be used to demonstrate a simple attack.
The purpose of this repository is to try out some attacks on the vulnerable code and then mitigate these vulnerabilities by updating the code according to the article.
*Vulnerable code can be found in the following files: