7 lines
382 B
Plaintext
7 lines
382 B
Plaintext
==== Code execution
|
|
|
|
When untrusted data is used within query operators such as `$where`, `$accumulator`, or `$function` it usually results in JavaScript code execution vulnerabilities.
|
|
|
|
Therefore, untrusted values should not be used inside these query operators unless they are properly validated.
|
|
|
|
For more information about MongoDB code execution vulnerabilities, see rule S5334. |