-
-
Notifications
You must be signed in to change notification settings - Fork 236
Expand file tree
/
Copy pathCVE-2015-4412.yml
More file actions
18 lines (18 loc) · 692 Bytes
/
Copy pathCVE-2015-4412.yml
File metadata and controls
18 lines (18 loc) · 692 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
---
gem: bson
cve: 2015-4412
ghsa: h6rj-8r3c-9gpj
url: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
title: Data Injection Vulnerability in bson Rubygem
date: 2015-06-04
description: |
A flaw in the ObjectId validation regular expression can enable attackers
to inject arbitrary information into a given BSON object.
cvss_v3: 9.8
patched_versions:
- "~> 1.12.3"
- ">= 3.0.4"
related:
url:
- https://github.com/mongodb/mongo-ruby-driver/compare/6ae981167759d5819ba3d41e374e5b2af5b79077~1...9859a3ab9773a8a883eb8438b665a921cc991c71
- https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7