Security Advisory

CVE-2018-13863

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-07-10 20:00:00

Last updated 2024-09-16 23:21:48

Assigner mitre

State PUBLISHED

Description

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

← Browse all CVEs View on cve.org ↗