Roland Shoemaker | eb069dd | 2021-07-15 13:05:23 -0700

module: go.mongodb.org/mongo-driver # there is also a non-canonical import since <v2
package: go.mongodb.org/mongo-driver/x/bsonx/bsoncore
versions:
  - fixed: v1.5.1
description: |
  Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed
  Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are
  affected if they use this package to handle untrusted user input.
cve: CVE-2021-20329
symbols:
  - AppendHeader
  - AppendRegex
published: 2021-07-28T12:00:00Z
links:
  commit: https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca
  pr: https://github.com/mongodb/mongo-go-driver/pull/622
  context:
    - https://github.com/advisories/GHSA-f6mq-5m25-4r72
    - https://jira.mongodb.org/browse/GODRIVER-1923