blob: 09288cd8a2b8e4c6efeceba71df711f12bd3e2fb [file] [log] [blame]
module: go.mongodb.org/mongo-driver # there is also a non-canonical import since <v2
package: go.mongodb.org/mongo-driver/bson/bsonrw
versions:
- fixed: v1.5.1
description: |
Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
affected if they use this package to handle untrusted user input.
cve: CVE-2021-20329
symbols:
- valueWriter.writeElementHeader
published: 2021-07-28T12:00:00Z
links:
commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
pr: https://github.com/mongodb/mongo-go-driver/pull/622
context:
- https://github.com/advisories/GHSA-f6mq-5m25-4r72
- https://jira.mongodb.org/browse/GODRIVER-1923