Vulnerabilities > CVE-2019-19729 - Always-Incorrect Control Flow Implementation vulnerability in Bson-Objectid Project Bson-Objectid 1.3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |