bson-objectid is vulnerable to authorization bypass. The vulnerability exists as it was possible to generate a malformed objectid
through ObjectID()
by inserting an additional property in the user-input.
CPE | Name | Operator | Version |
---|---|---|---|
bson-objectid | le | 1.2.5 |