CVE-2021-20329

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.
References
Link Resource
https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1 Release Notes Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:mongodb:go_driver:*:*:*:*:*:mongodb:*:*

Information

Published : 2021-06-10 05:15

Updated : 2022-07-08 06:54


NVD link : CVE-2021-20329

Mitre link : CVE-2021-20329

Products Affected
CWE