| id: GO-2021-0112 |
| modules: |
| - module: go.mongodb.org/mongo-driver |
| versions: |
| - fixed: 1.5.1 |
| vulnerable_at: 1.5.0 |
| packages: |
| - package: go.mongodb.org/mongo-driver/x/bsonx/bsoncore |
| symbols: |
| - AppendHeader |
| - AppendRegex |
| derived_symbols: |
| - AppendArrayElement |
| - AppendArrayElementStart |
| - AppendBinaryElement |
| - AppendBooleanElement |
| - AppendCodeWithScopeElement |
| - AppendDBPointerElement |
| - AppendDateTimeElement |
| - AppendDecimal128Element |
| - AppendDocumentElement |
| - AppendDocumentElementStart |
| - AppendDoubleElement |
| - AppendInt32Element |
| - AppendInt64Element |
| - AppendJavaScriptElement |
| - AppendMaxKeyElement |
| - AppendMinKeyElement |
| - AppendNullElement |
| - AppendObjectIDElement |
| - AppendRegexElement |
| - AppendStringElement |
| - AppendSymbolElement |
| - AppendTimeElement |
| - AppendTimestampElement |
| - AppendUndefinedElement |
| - AppendValueElement |
| - ArrayBuilder.AppendArray |
| - ArrayBuilder.AppendBinary |
| - ArrayBuilder.AppendBoolean |
| - ArrayBuilder.AppendCodeWithScope |
| - ArrayBuilder.AppendDBPointer |
| - ArrayBuilder.AppendDateTime |
| - ArrayBuilder.AppendDecimal128 |
| - ArrayBuilder.AppendDocument |
| - ArrayBuilder.AppendDouble |
| - ArrayBuilder.AppendInt32 |
| - ArrayBuilder.AppendInt64 |
| - ArrayBuilder.AppendJavaScript |
| - ArrayBuilder.AppendMaxKey |
| - ArrayBuilder.AppendMinKey |
| - ArrayBuilder.AppendNull |
| - ArrayBuilder.AppendObjectID |
| - ArrayBuilder.AppendRegex |
| - ArrayBuilder.AppendString |
| - ArrayBuilder.AppendSymbol |
| - ArrayBuilder.AppendTimestamp |
| - ArrayBuilder.AppendUndefined |
| - ArrayBuilder.AppendValue |
| - ArrayBuilder.StartArray |
| - BuildArray |
| - BuildArrayElement |
| - BuildDocumentElement |
| - DocumentBuilder.AppendArray |
| - DocumentBuilder.AppendBinary |
| - DocumentBuilder.AppendBoolean |
| - DocumentBuilder.AppendCodeWithScope |
| - DocumentBuilder.AppendDBPointer |
| - DocumentBuilder.AppendDateTime |
| - DocumentBuilder.AppendDecimal128 |
| - DocumentBuilder.AppendDocument |
| - DocumentBuilder.AppendDouble |
| - DocumentBuilder.AppendInt32 |
| - DocumentBuilder.AppendInt64 |
| - DocumentBuilder.AppendJavaScript |
| - DocumentBuilder.AppendMaxKey |
| - DocumentBuilder.AppendMinKey |
| - DocumentBuilder.AppendNull |
| - DocumentBuilder.AppendObjectID |
| - DocumentBuilder.AppendRegex |
| - DocumentBuilder.AppendString |
| - DocumentBuilder.AppendSymbol |
| - DocumentBuilder.AppendTimestamp |
| - DocumentBuilder.AppendUndefined |
| - DocumentBuilder.AppendValue |
| - DocumentBuilder.StartDocument |
| - package: go.mongodb.org/mongo-driver/bson/bsonrw |
| symbols: |
| - valueWriter.writeElementHeader |
| derived_symbols: |
| - Copier.AppendArrayBytes |
| - Copier.AppendDocumentBytes |
| - Copier.AppendValueBytes |
| - Copier.CopyArrayFromBytes |
| - Copier.CopyBytesToArrayWriter |
| - Copier.CopyBytesToDocumentWriter |
| - Copier.CopyDocument |
| - Copier.CopyDocumentFromBytes |
| - Copier.CopyDocumentToBytes |
| - Copier.CopyValue |
| - Copier.CopyValueFromBytes |
| - Copier.CopyValueToBytes |
| - CopyDocument |
| - valueWriter.WriteArray |
| - valueWriter.WriteBinary |
| - valueWriter.WriteBinaryWithSubtype |
| - valueWriter.WriteBoolean |
| - valueWriter.WriteCodeWithScope |
| - valueWriter.WriteDBPointer |
| - valueWriter.WriteDateTime |
| - valueWriter.WriteDecimal128 |
| - valueWriter.WriteDocument |
| - valueWriter.WriteDouble |
| - valueWriter.WriteInt32 |
| - valueWriter.WriteInt64 |
| - valueWriter.WriteJavascript |
| - valueWriter.WriteMaxKey |
| - valueWriter.WriteMinKey |
| - valueWriter.WriteNull |
| - valueWriter.WriteObjectID |
| - valueWriter.WriteRegex |
| - valueWriter.WriteString |
| - valueWriter.WriteSymbol |
| - valueWriter.WriteTimestamp |
| - valueWriter.WriteUndefined |
| - valueWriter.WriteValueBytes |
| summary: Improper input validation in go.mongodb.org/mongo-driver |
| description: |- |
| Due to improper input sanitization when marshalling Go objects into BSON, a |
| maliciously constructed Go structure could allow an attacker to inject |
| additional fields into a MongoDB document. Users are affected if they use this |
| package to handle untrusted user input. |
| published: 2021-07-28T18:08:05Z |
| cves: |
| - CVE-2021-20329 |
| ghsas: |
| - GHSA-f6mq-5m25-4r72 |
| references: |
| - fix: https://github.com/mongodb/mongo-go-driver/pull/622 |
| - fix: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca |
| - web: https://jira.mongodb.org/browse/GODRIVER-1923 |
| review_status: REVIEWED |