2 matches found
CVE-2015-4411
CVE-2015-4411 affects the MongoDB Ruby stack: the Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 (used by rubygem-moped) allows remote denial of service via a crafted string, due to an incomplete fix to CVE-2015-4410. Impact is a targeted DoS via resource consumption; no exp...
CVE-2020-7610
All provided sources identify CVE-2020-7610 as a vulnerability in the bson library prior to 1.1.4, caused by Deserialization of Untrusted Data where an unknown value for an object’s _bsotype/_bsontype can cause an object to be serialized as a document instead of the intended BSON type. The issue ...