GHSA-h6rj-8r3c-9gpj
- Source
- https://github.com/advisories/GHSA-h6rj-8r3c-9gpj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-h6rj-8r3c-9gpj/GHSA-h6rj-8r3c-9gpj.json
- Aliases
-
- CVE-2015-4412
- Published
- 2018-03-05T19:43:21Z
- Modified
- 2024-02-16T08:07:06.561735Z
- Details
-
BSON injection vulnerability in the legal function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-4412
- https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999
- https://bugzilla.redhat.com/show_bug.cgi?id=1229750
- https://github.com/advisories/GHSA-h6rj-8r3c-9gpj
- https://github.com/mongodb/bson-ruby
- https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bson/CVE-2015-4412.yml
- https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
- http://www.openwall.com/lists/oss-security/2015/06/06/3
- http://www.securityfocus.com/bid/75045
Affected packages
RubyGems / bson
Package
- Name
- bson
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownFixed1.12.3
Affected versions
0.*
0.20
0.20.1
1.*
1.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.9
1.1
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.rc0
1.2.rc1
1.2.rc2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0.rc0
1.3.0
1.3.1
1.4.0
1.4.1
1.5.0.rc0
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.6.4
1.7.0.rc0
1.7.0
1.7.1
1.8.0
1.8.1.rc0
1.8.1.rc1
1.8.1
1.8.2
1.8.3.rc0
1.8.3.rc1
1.8.3
1.8.4.rc0
1.8.4
1.8.5
1.8.6
1.9.0
1.9.1.rc0
1.9.1
1.9.2
1.10.0.rc0
1.10.0.rc1
1.10.0
1.10.1
1.10.2
1.11.1
1.12.0.rc0
1.12.0.rc1
1.12.0.rc2
1.12.0
1.12.1
1.12.2
RubyGems / bson
Package
- Name
- bson