4 matches found
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
CVE-2019-19729
creationtimestamp| type| source ---|---|--- 2024-03-10 14:46:43+00:00| seen| https://t.me/ctinow/204268...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
CVE-2019-19729
CVE-2019-19729 affects the BSON ObjectID package for Node.js (v1.3.0). The issue arises when ObjectID() accepts user input with an extra property, causing the module to return early if it detects _bsontype==ObjectID, which can allow objects in arbitrary forms to bypass formatting if they include ...