4 matches found
EUVD-2020-0391
Malware in sbrugna...
@biscottino/session (>=1.0.0 <=1.0.1), @graasp/cli (>=0.3.0 <=0.4.2) +34 more potentially affected by CVE-2019-19729 via bson-objectid (>=1.1.1 <=1.3.0)
bson-objectid NPM version =1.1.1, =1.0.0, =0.3.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.1.1, =3.3.3 and more. Source CVEs: CVE-2019-19729. Source advisory: OSV:GHSA-P84X-5XX8-HFF9...
CVE-2019-19729
An issue was discovered in the BSON ObjectID aka bson-objectid package 1.3.0 for Node.js. ObjectID allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input...
CVE-2019-19729
CVE-2019-19729 affects the BSON ObjectID package for Node.js (v1.3.0). The issue arises when ObjectID() accepts user input with an extra property, causing the module to return early if it detects _bsontype==ObjectID, which can allow objects in arbitrary forms to bypass formatting if they include ...