Bson

This hub aggregates every CVE we track for Bson, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 6 most recently published vulnerabilities affecting Bson.

• CVE-2020-12135bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. In particular, the bson_ensure_space() parameter bytesNeeded could have an integer overflo...5.5Apr 24, 2020
• CVE-2019-2391JS-bson may incorrectly serialise some requests4.2Mar 31, 2020
• CVE-2020-7610All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is seriali...9.8Mar 30, 2020
• CVE-2015-4411The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted st...7.5Feb 20, 2020
• CVE-2018-13863The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw i...7.5Jul 10, 2018
• CVE-2015-4412BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary dat...9.8Feb 5, 2018