CVE-2021-20329
published 2021-06-10


Priority: P433 | medium 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.96% (57.1th percentile)

Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers prior to and including 1.5.0.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| go.mongodb.org | mongo-driver | >= 0 < 1.5.1 | 1.5.1 |
| mongodb | go_driver | <= 1.5.0 | |
| mongodb_inc | mongodb_go_driver | 1.0 – 1.5.0 | |

CVSS provenance

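| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.8 | MEDIUM | |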