GHSA-v8w9-2789-6hhr

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-v8w9-2789-6hhr/GHSA-v8w9-2789-6hhr.json
Aliases
  • CVE-2020-7610
Published
2021-05-07T16:04:54Z
Modified
2023-03-30T22:46:24Z
Details

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
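A pre-serialization guard for the condition described above, as an added example that is not code from the advisory or from the bson project: it walks a value on its way to bson.BSON.serialize and reports any object whose _bsontype cannot be trusted. The helper names, the list of known type tags, the sample request body and the stand-in Long class are all assumptions made for illustration.

```javascript
// Type tags the serializer is expected to see. ASSUMPTION: this list mirrors the
// type classes exported by the 1.x bson package; adjust it to the version you run.
const KNOWN_BSON_TYPES = new Set([
  'Binary', 'Code', 'DBRef', 'Decimal128', 'Double', 'Int32', 'Long',
  'MaxKey', 'MinKey', 'ObjectID', 'BSONRegExp', 'Symbol', 'Timestamp',
]);

// Walk a value and report every object whose _bsontype cannot be trusted.
// Hypothetical helper, not part of bson.
function findSuspectBsonTypes(value, path = '$', hits = [], seen = new Set()) {
  if (value === null || typeof value !== 'object') return hits;
  if (seen.has(value) || ArrayBuffer.isView(value)) return hits; // cycles, raw bytes
  seen.add(value);
  const proto = Object.getPrototypeOf(value);
  const isPlain = proto === Object.prototype || proto === null;
  if ('_bsontype' in value) {
    const tag = value._bsontype;
    if (isPlain) {
      // Parsed JSON is always a plain object; real BSON types are class instances.
      hits.push({ path, tag, reason: 'plain object carries _bsontype' });
    } else if (typeof tag !== 'string' || !KNOWN_BSON_TYPES.has(tag)) {
      hits.push({ path, tag, reason: 'unknown _bsontype' });
    }
  }
  for (const key of Object.keys(value)) {
    findSuspectBsonTypes(value[key], `${path}.${key}`, hits, seen);
  }
  return hits;
}

// Throw before serialization instead of letting the object be written as a document.
function assertSafeForBson(doc) {
  const hits = findSuspectBsonTypes(doc);
  if (hits.length > 0) {
    throw new TypeError('untrusted _bsontype at ' + hits.map((h) => h.path).join(', '));
  }
  return doc;
}

// Constructed sample input (not from the advisory): a parsed request body.
const SAMPLE_BODY = JSON.parse('{"name":"alice","token":{"_bsontype":"NotARealType","value":1}}');
// Stand-in for a library type instance, defined here so the example runs offline.
class Long { constructor(low, high) { this._bsontype = 'Long'; this.low = low; this.high = high; } }

console.log(findSuspectBsonTypes(SAMPLE_BODY));            // one hit at $.token
console.log(findSuspectBsonTypes({ n: new Long(1, 0) }));  // no hits
```

Calling assertSafeForBson on every document built from request data makes a bad type tag fail loudly at the application boundary; it complements, and does not replace, moving to the fixed release listed below.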

Affected packages

npm / bson

bson

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
1.1.4

Ecosystem specific

{
    "affected_functions": [
        "bson.BSON.serialize"
    ]
}