CVE-2021-20329

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-20329

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20329.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-20329

Aliases

Related

UBUNTU-CVE-2021-20329

Published

2021-06-10T17:15:08Z

Modified

2025-01-08T07:37:40.280397Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.

References

https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1

Affected packages

Git / github.com/mongodb/mongo-go-driver

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo-go-driver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6760875fa58e0fa5518c992582efa6d807960d6c

Affected versions

v0.*

v0.0.1

v0.0.10

v0.0.11

v0.0.12

v0.0.13

v0.0.14

v0.0.15

v0.0.16

v0.0.17

v0.0.18

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1.0

v0.2.0

v0.3.0

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.2.0

v1.3.0

v1.4.0-beta1

v1.4.0-beta2

v1.5.0