Security Advisory

CVE-2021-20329

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-10 16:30:11

Last updated 2024-09-16 22:55:51

Assigner mongodb

State PUBLISHED

Description

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.

← Browse all CVEs View on cve.org ↗