2 matches found
CVE-2019-2391
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to...
CVE-2019-17426
Automattic Mongoose up to version 5.7.4 is affected. The root cause is that a query object containing a _bsontype attribute is ignored, which can bypass access control in some applications (e.g., a query filter interference with _bsontype). The CVE covers this behavior in older versions of the bs...