CVE-2019-19729

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.
Configurations

Configuration 1

cpe:2.3:a:bson-objectid_project:bson-objectid:1.3.0:*:*:*:*:node.js:*:*

Information

Published : 2019-12-11 08:15

Updated : 2021-07-21 11:39


NVD link : CVE-2019-19729

Mitre link : CVE-2019-19729

Products Affected
No products.
CWE