mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment.
Affected versions of this package are vulnerable to Information Exposure. Any query object with a
_bsontype attribute is ignored, allowing attackers to bypass access control.
mongoose to version 4.13.21, 5.7.5 or higher.