Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mongodb bson vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-7610
All versions of bson prior to 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
Mongodb Bson
5.4
CVSSv3
CVE-2019-2391
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.
Mongodb Js-bson
1 Github repository
7.5
CVSSv3
CVE-2018-13863
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x prior to 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long u...
Mongodb Js-bson
7.5
CVSSv3
CVE-2015-4411
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby prior to 3.0.4 as used in rubygem-moped allows remote malicious users to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.
Mongodb Bson
Fedoraproject Fedora 21
Fedoraproject Fedora 22
NA
CVE-2015-1609
MongoDB prior to 2.4.13 and 2.6.x prior to 2.6.8 allows remote malicious users to cause a denial of service via a crafted UTF-8 string in a BSON request.
Fedoraproject Fedora 21
Mongodb Mongodb 2.6.2
Mongodb Mongodb 2.6.3
Mongodb Mongodb 2.6.4
Mongodb Mongodb 2.6.5
Mongodb Mongodb 2.6.6
Mongodb Mongodb
Mongodb Mongodb 2.6.7
Mongodb Mongodb 2.6.0
Mongodb Mongodb 2.6.1
NA
CVE-2012-6619
The default configuration for MongoDB prior to 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
Mongodb Mongodb 2.2.2
Mongodb Mongodb 2.2.1
Mongodb Mongodb 2.0.3
Mongodb Mongodb 2.0.2
Mongodb Mongodb 2.2.4
Mongodb Mongodb 2.2.5
Mongodb Mongodb 2.2.0
Mongodb Mongodb 2.0.8
Mongodb Mongodb 2.0.1
Mongodb Mongodb 2.0.0
Mongodb Mongodb 2.2.6
Mongodb Mongodb 2.2.7
Mongodb Mongodb 2.3.0
Mongodb Mongodb 2.2.3
Mongodb Mongodb 2.0.5
Mongodb Mongodb 2.0.4
Mongodb Mongodb 1.4.0
Mongodb Mongodb 1.2.0
Mongodb Mongodb 2.0.7
Mongodb Mongodb 2.0.6
Mongodb Mongodb 1.8.0
Mongodb Mongodb 1.6.0
7.5
CVSSv3
CVE-2017-14227
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote malicious users to cause a denial of service (heap-based buffer over-read in the bson_utf8_validate function in bson-utf8.c), as demo...
Mongodb Mongodb 1.7.0
5.5
CVSSv3
CVE-2020-12135
bson prior to 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflow via properly constructed bson input.
Whoopsie Project Whoopsie
Mongodb C Driver
1 Github repository
8.1
CVSSv3
CVE-2018-16790
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
Mongodb Libbson 1.12.0
6.5
CVSSv3
CVE-2021-20329
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO D...
Mongodb Go Driver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »