by guypod
3449 days ago
It's worth noting this isn't unique to MongoDB.
The "Marked" npm package, with its 2 million downloads, doesn't sanitize input by default. "st", another popular package, allows directory listing by default. Quite a few of those...