Skip to main content
Detected a $IMPORT statement that comes from a $REQ argument. This could lead to NoSQL injection if the variable is user-controlled and is not properly sanitized. Be sure to properly sanitize the data if you absolutely must pass request data into a mongo query.
Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-943: Improper Neutralization of Special Elements in Data Query Logic
OWASP:
- A01:2017 - Injection