Main Vulnerability Database SB2020033135

SB2020033135 - Deserialization of Untrusted Data in MongoDB, js-bson

Published: March 31, 2020 Updated: July 17, 2020

Security Bulletin ID SB2020033135

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2019-2391)

The vulnerability allows a remote authenticated user to read and manipulate data.

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.

Remediation

Install update from vendor's website.

References

https://github.com/mongodb/js-bson/releases/tag/v1.1.4