Search
Find a vulnerability
Search criteria
2 vulnerabilities found for MongoDB Go Driver by MongoDB Inc.
CVE-2021-20329 (GCVE-0-2021-20329)
Vulnerability from nvd – Published: 2021-06-10 16:30 – Updated: 2024-09-16 22:55
VLAI
Title
Specific cstrings input may not be properly validated in the Go Driver
Summary
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
Severity
6.8 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/mongodb/mongo-go-driver/releas… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Go Driver |
Affected:
1.0 , ≤ 1.5.0
(custom)
|
Date Public
2021-06-09 23:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Go Driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hugo Ferrando Seage"
}
],
"datePublic": "2021-06-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpecific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.\u003c/p\u003e"
}
],
"value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T16:03:19.528Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Specific cstrings input may not be properly validated in the Go Driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-06-10T14:00:00.000Z",
"ID": "CVE-2021-20329",
"STATE": "PUBLIC",
"TITLE": "Specific cstrings input may not be properly validated in the Go Driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Go Driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hugo Ferrando Seage"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1287: Improper Validation of Specified Type of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1",
"refsource": "CONFIRM",
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2021-20329",
"datePublished": "2021-06-10T16:30:11.055Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:55:51.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20329 (GCVE-0-2021-20329)
Vulnerability from cvelistv5 – Published: 2021-06-10 16:30 – Updated: 2024-09-16 22:55
VLAI
Title
Specific cstrings input may not be properly validated in the Go Driver
Summary
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
Severity
6.8 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/mongodb/mongo-go-driver/releas… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Go Driver |
Affected:
1.0 , ≤ 1.5.0
(custom)
|
Date Public
2021-06-09 23:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Go Driver",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThanOrEqual": "1.5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hugo Ferrando Seage"
}
],
"datePublic": "2021-06-09T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSpecific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.\u003c/p\u003e"
}
],
"value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T16:03:19.528Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Specific cstrings input may not be properly validated in the Go Driver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2021-06-10T14:00:00.000Z",
"ID": "CVE-2021-20329",
"STATE": "PUBLIC",
"TITLE": "Specific cstrings input may not be properly validated in the Go Driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Go Driver",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.0",
"version_value": "1.5.0"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Hugo Ferrando Seage"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1287: Improper Validation of Specified Type of Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1",
"refsource": "CONFIRM",
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2021-20329",
"datePublished": "2021-06-10T16:30:11.055Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:55:51.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}