All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMongodb Bson
APPMongodb1.0.0 β 1.1.4 (bez)
Related vulnerabilities
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remot...
MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by-default configuration setting, networkMe...
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by ...
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON d...
A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod p...