Seal Security

CVE-2019-2391

Deserialization of Untrusted Data in bson

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

5.3

Score Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Versions

bson < 1.1.4

Severity

Medium

Ecosystem

JavaScript

Publish Date

February 10, 2022

Modified Date

November 7, 2023