JS-bson may incorrectly serialise some requests
CVE-2019-2391

4.2MEDIUM

Key Information:

Vendor

MongoDB
Status
Js-bson
Vendor
CVE Published:
31 March 2020
đź”” Create MongoDB Vulnerability Alert

What is CVE-2019-2391?

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.

Affected Version(s)

js-bson 1.0 <= 1.1.3

References

https://github.com/mongodb/js-bson/releases/tag/v1.1.4
x_refsource_CONFIRM

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Feng Xiao from Georgia Tech
.