CVE-2020-7610
N/A
N/A
Summary
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | bson | all versions before 1.1.4 | affected |
Weaknesses
- Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.