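Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are affected if they use this package to handle untrusted user input; the affected import paths listed below are go.mongodb.org/mongo-driver/x/bsonx/bsoncore and go.mongodb.org/mongo-driver/bson/bsonrw. The symbols listed under each path are the affected functions and methods, so code that passes untrusted data to any of them is in scope. See the advisory linked below (GO-2021-0112) for details such as fixed versions.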
{
"review_status": "REVIEWED",
"url": "https://pkg.go.dev/vuln/GO-2021-0112"
}{
"imports": [
{
"symbols": [
"AppendArrayElement",
"AppendArrayElementStart",
"AppendBinaryElement",
"AppendBooleanElement",
"AppendCodeWithScopeElement",
"AppendDBPointerElement",
"AppendDateTimeElement",
"AppendDecimal128Element",
"AppendDocumentElement",
"AppendDocumentElementStart",
"AppendDoubleElement",
"AppendHeader",
"AppendInt32Element",
"AppendInt64Element",
"AppendJavaScriptElement",
"AppendMaxKeyElement",
"AppendMinKeyElement",
"AppendNullElement",
"AppendObjectIDElement",
"AppendRegex",
"AppendRegexElement",
"AppendStringElement",
"AppendSymbolElement",
"AppendTimeElement",
"AppendTimestampElement",
"AppendUndefinedElement",
"AppendValueElement",
"ArrayBuilder.AppendArray",
"ArrayBuilder.AppendBinary",
"ArrayBuilder.AppendBoolean",
"ArrayBuilder.AppendCodeWithScope",
"ArrayBuilder.AppendDBPointer",
"ArrayBuilder.AppendDateTime",
"ArrayBuilder.AppendDecimal128",
"ArrayBuilder.AppendDocument",
"ArrayBuilder.AppendDouble",
"ArrayBuilder.AppendInt32",
"ArrayBuilder.AppendInt64",
"ArrayBuilder.AppendJavaScript",
"ArrayBuilder.AppendMaxKey",
"ArrayBuilder.AppendMinKey",
"ArrayBuilder.AppendNull",
"ArrayBuilder.AppendObjectID",
"ArrayBuilder.AppendRegex",
"ArrayBuilder.AppendString",
"ArrayBuilder.AppendSymbol",
"ArrayBuilder.AppendTimestamp",
"ArrayBuilder.AppendUndefined",
"ArrayBuilder.AppendValue",
"ArrayBuilder.StartArray",
"BuildArray",
"BuildArrayElement",
"BuildDocumentElement",
"DocumentBuilder.AppendArray",
"DocumentBuilder.AppendBinary",
"DocumentBuilder.AppendBoolean",
"DocumentBuilder.AppendCodeWithScope",
"DocumentBuilder.AppendDBPointer",
"DocumentBuilder.AppendDateTime",
"DocumentBuilder.AppendDecimal128",
"DocumentBuilder.AppendDocument",
"DocumentBuilder.AppendDouble",
"DocumentBuilder.AppendInt32",
"DocumentBuilder.AppendInt64",
"DocumentBuilder.AppendJavaScript",
"DocumentBuilder.AppendMaxKey",
"DocumentBuilder.AppendMinKey",
"DocumentBuilder.AppendNull",
"DocumentBuilder.AppendObjectID",
"DocumentBuilder.AppendRegex",
"DocumentBuilder.AppendString",
"DocumentBuilder.AppendSymbol",
"DocumentBuilder.AppendTimestamp",
"DocumentBuilder.AppendUndefined",
"DocumentBuilder.AppendValue",
"DocumentBuilder.StartDocument"
],
"path": "go.mongodb.org/mongo-driver/x/bsonx/bsoncore"
},
{
"symbols": [
"Copier.AppendArrayBytes",
"Copier.AppendDocumentBytes",
"Copier.AppendValueBytes",
"Copier.CopyArrayFromBytes",
"Copier.CopyBytesToArrayWriter",
"Copier.CopyBytesToDocumentWriter",
"Copier.CopyDocument",
"Copier.CopyDocumentFromBytes",
"Copier.CopyDocumentToBytes",
"Copier.CopyValue",
"Copier.CopyValueFromBytes",
"Copier.CopyValueToBytes",
"CopyDocument",
"valueWriter.WriteArray",
"valueWriter.WriteBinary",
"valueWriter.WriteBinaryWithSubtype",
"valueWriter.WriteBoolean",
"valueWriter.WriteCodeWithScope",
"valueWriter.WriteDBPointer",
"valueWriter.WriteDateTime",
"valueWriter.WriteDecimal128",
"valueWriter.WriteDocument",
"valueWriter.WriteDouble",
"valueWriter.WriteInt32",
"valueWriter.WriteInt64",
"valueWriter.WriteJavascript",
"valueWriter.WriteMaxKey",
"valueWriter.WriteMinKey",
"valueWriter.WriteNull",
"valueWriter.WriteObjectID",
"valueWriter.WriteRegex",
"valueWriter.WriteString",
"valueWriter.WriteSymbol",
"valueWriter.WriteTimestamp",
"valueWriter.WriteUndefined",
"valueWriter.WriteValueBytes",
"valueWriter.writeElementHeader"
],
"path": "go.mongodb.org/mongo-driver/bson/bsonrw"
}
]
}