Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.
{ "nvd_published_at": "2021-06-10T17:15:00Z", "cwe_ids": [ "CWE-1287", "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-06-14T19:11:50Z" }