GO-2021-0111

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2021-0111

Import Source

https://vuln.go.dev/ID/GO-2021-0111.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2021-0111

Withdrawn

2024-05-15T05:37:11.029707Z

Published

2021-07-28T18:08:05Z

Modified

2022-08-29T16:50:59Z

Summary

[none]

Details

Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are affected if they use this package to handle untrusted user input.

References

Affected packages

Go / go.mongodb.org/mongo-driver

Package

Name: go.mongodb.org/mongo-driver; View open source insights on deps.dev
Purl: pkg:golang/go.mongodb.org/mongo-driver

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1

Ecosystem specific

{
    "imports": [
        {
            "symbols": [
                "Copier.AppendArrayBytes",
                "Copier.AppendDocumentBytes",
                "Copier.AppendValueBytes",
                "Copier.CopyArrayFromBytes",
                "Copier.CopyBytesToArrayWriter",
                "Copier.CopyBytesToDocumentWriter",
                "Copier.CopyDocument",
                "Copier.CopyDocumentFromBytes",
                "Copier.CopyDocumentToBytes",
                "Copier.CopyValue",
                "Copier.CopyValueFromBytes",
                "Copier.CopyValueToBytes",
                "CopyDocument",
                "valueWriter.WriteArray",
                "valueWriter.WriteBinary",
                "valueWriter.WriteBinaryWithSubtype",
                "valueWriter.WriteBoolean",
                "valueWriter.WriteCodeWithScope",
                "valueWriter.WriteDBPointer",
                "valueWriter.WriteDateTime",
                "valueWriter.WriteDecimal128",
                "valueWriter.WriteDocument",
                "valueWriter.WriteDouble",
                "valueWriter.WriteInt32",
                "valueWriter.WriteInt64",
                "valueWriter.WriteJavascript",
                "valueWriter.WriteMaxKey",
                "valueWriter.WriteMinKey",
                "valueWriter.WriteNull",
                "valueWriter.WriteObjectID",
                "valueWriter.WriteRegex",
                "valueWriter.WriteString",
                "valueWriter.WriteSymbol",
                "valueWriter.WriteTimestamp",
                "valueWriter.WriteUndefined",
                "valueWriter.WriteValueBytes",
                "valueWriter.writeElementHeader"
            ],
            "path": "go.mongodb.org/mongo-driver/bson/bsonrw"
        }
    ]
}

Database specific

url

"https://pkg.go.dev/vuln/GO-2021-0111"

source

"https://vuln.go.dev/ID/GO-2021-0111.json"