blob: 93b908d3fe96802fbae60c43fa653f2b78618bbe [file] [log] [blame]
module: go.mongodb.org/mongo-driver
package: go.mongodb.org/mongo-driver/bson/bsonrw
versions:
- fixed: v1.5.1
description: |
Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
affected if they use this package to handle untrusted user input.
cves:
- CVE-2021-20329
symbols:
- valueWriter.writeElementHeader
links:
pr: https://github.com/mongodb/mongo-go-driver/pull/622
commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
context:
- https://github.com/advisories/GHSA-f6mq-5m25-4r72
- https://jira.mongodb.org/browse/GODRIVER-1923