All vulnerabilities
CVE-2020-7610
Deserialization of Untrusted Data in bson
Description
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
9.8
Severity
Critical
Ecosystem
JavaScript
Publish Date
May 7, 2021
Modified Date
March 13, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions

