You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Bellow is the description of alert while we are not using MongoDb in our application
High Alert --> NoSQL Injection - MongoDB
Description --> MongoDB query injection may be possible.
Attack --> cloud-shape-dark.png[$ne]
Other Info --> In some PHP or NodeJS based back end implementations, in order to obtain sensitive data
it is possible to inject the "[$ne]" string (or other similar ones) that is processed as an
associative array
That is not enough information for us to work with.
We will need the full alert details, including the relevant request and response.
Feel free to obfuscate any sensitive information.
Describe the bug
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Steps to reproduce the behavior
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Expected behavior
"NoSQL Injection - MongoDB" high alert showing in report but we are not using mongoDB
Software versions
2.14.0
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?
The text was updated successfully, but these errors were encountered: