JS-bson may incorrectly serialise some requests
CVE-2019-2391

4.2 MEDIUM

Key Information:

Vendor: MongoDB
Status: Vendor
CVE Published: 31 March 2020

Summary

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour, including data disclosure. This issue affects MongoDB Inc. js-bson library versions 1.1.3 and prior.

Affected Version(s)

js-bson 1.0 <= 1.1.3

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Feng Xiao from Georgia Tech.