CVE-2021-20329
Published 2021-06-10
Priority P433 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS 0.96% · 57.1th percentile
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers prior to and including 1.5.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| go.mongodb.org | mongo-driver | >= 0 < 1.5.1 | 1.5.1 |
| mongodb | go_driver | <= 1.5.0 | — |
| mongodb_inc | mongodb_go_driver | 1.0 – 1.5.0 | — |
CVSS provenance
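| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |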
OSV
Improper input validation in go.mongodb.org/mongo-driver
osv·2021-07-28
Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are affected if they use this package to handle untrusted user input.
GHSA
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
ghsa·2021-06-15
CVE-2021-20329 [MEDIUM] CWE-1287 go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers up to (and including) 1.5.0.
OSV
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
osv·2021-06-15
CVE-2021-20329 [MEDIUM] go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
OSV
CVE-2021-20329: Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON
osv·2021-06-10·CVSS 6.5
CVE-2021-20329 [MEDIUM] CVE-2021-20329: Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON
Red Hat
mongo-go-driver: specific cstrings input may not be properly validated
vendor_redhat·2021-03-30·CVSS 6.8
CVE-2021-20329 [MEDIUM] CWE-20 mongo-go-driver: specific cstrings input may not be properly validated
A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.
Package: cert-manager/cert-manager-operator-rhel9 (cert-manager Operator for Red Hat OpenShift) - Affected
Package: costmanagement-met
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.