14 matches found
EUVD-2020-0391
Malware in sbrugna...
EUVD-2022-4714
Malicious code in bioql PyPI...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
SUSE CVE-2015-4411
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
bson-objectid contains Improper input validation
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
@biscottino/session (>=1.0.0 <=1.0.1), @graasp/cli (>=0.3.0 <=0.4.2) +34 more potentially affected by CVE-2019-19729 via bson-objectid (>=1.1.1 <=1.3.0)
bson-objectid NPM version =1.1.1, =1.0.0, =0.3.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.1, =3.3.3 and more Source cves: CVE-2019-19729 Source advisory: OSV:GHSA-P84X-5XX8-HFF9...
GHSA-P84X-5XX8-HFF9 bson-objectid contains Improper input validation
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
UBUNTU-CVE-2015-4410
The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service worker resource consumption or perform a cross-site scripting XSS attack via a crafted string...
CVE-2015-4411
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service worker resource consumption via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410...
BSON ObjectID Input Validation Error Vulnerability
BSON ObjectID is a module for creating and parsing ObjectIDs for use in Node.js. An input validation error vulnerability exists in BSON ObjectID version 1.3.0 for Node.js. The vulnerability stems from a network system or product that does not properly validate input data. An attacker could use th...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...
CVE-2019-19729
CVE-2019-19729 affects the BSON ObjectID package for Node.js (v1.3.0). The issue arises when ObjectID() accepts user input with an extra property, causing the module to return early if it detects _bsontype==ObjectID, which can allow objects in arbitrary forms to bypass formatting if they include ...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects bsontype==ObjectID in the user-input...