Improper neutralization of special elements in data query logic


The application generates a query intended to interact with MongoDB, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.


Refactor find or search queries to use standard filtering operators such as $gt or $in instead of broad operators such as $where. If possible, disable the MongoDB JavaScript interface entirely.
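Added example (not part of the original rule text): one user lookup written the unsafe way described above and then refactored to standard operators. Field names, parameter names and the two builder functions are assumptions; no database is needed because both functions return the filter object that would be handed to `collection.find()`.

```javascript
// UNSAFE: request-controlled values reach the query logic unchanged.
function buildFilterUnsafe(params) {
  return {
    // $where is evaluated as server-side JavaScript; concatenating untrusted
    // text into it lets the caller rewrite the condition itself.
    $where: "this.username == '" + params.username + "'",
    // A raw value is used as a field match; if the request supplies an
    // object instead of a string, the driver sends it as an operator.
    role: params.role,
  };
}

// HARDENED: fixed filter shape, typed values, standard operators only.
function buildFilterSafe(params) {
  if (typeof params.username !== 'string') {
    throw new TypeError('username must be a string');
  }
  const filter = { username: params.username };

  if (params.roles !== undefined) {
    const ok = Array.isArray(params.roles) &&
      params.roles.every((r) => typeof r === 'string');
    if (!ok) throw new TypeError('roles must be an array of strings');
    filter.role = { $in: params.roles };
  }

  if (params.minAge !== undefined) {
    // Coerce to a number first so an object can never become an operator.
    const minAge = Number(params.minAge);
    if (!Number.isInteger(minAge) || minAge < 0) {
      throw new TypeError('minAge must be a non-negative integer');
    }
    filter.age = { $gt: minAge };
  }
  return filter;
}
```

The hardened builder throws on any value of the wrong type, so a malformed request is rejected before a query is built rather than altering which documents match.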


ID     Aggregated  CWE  Type    Risk
943.1  false       943  Active  high