Vulnerabilities > CVE-2019-2391 - Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

mongodb

CWE-502

NVD

Published: 2020-03-31

Updated: 2023-06-19

Summary

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.

Vulnerable Configurations

Part	Description	Count
Application	Mongodb Mongodb JS Bson 0.0.5 Mongodb JS Bson 0.0.6 Mongodb JS Bson 0.0.8 Mongodb JS Bson 0.0.9 Mongodb JS Bson 0.1.0 Mongodb JS Bson 0.1.2 Mongodb JS Bson 0.1.4 Mongodb JS Bson 0.1.9 Mongodb JS Bson 0.2.0 Mongodb JS Bson 0.2.1 Mongodb JS Bson 0.2.2 Mongodb JS Bson 0.2.3 Mongodb JS Bson 0.2.5 Mongodb JS Bson 0.2.6 Mongodb JS Bson 0.2.8 Mongodb JS Bson 0.2.9 Mongodb JS Bson 0.2.10 Mongodb JS Bson 0.2.11 Mongodb JS Bson 0.2.13 Mongodb JS Bson 0.2.14 Mongodb JS Bson 0.2.15 Mongodb JS Bson 0.2.16 Mongodb JS Bson 0.2.17 Mongodb JS Bson 0.2.18 Mongodb JS Bson 0.2.19 Mongodb JS Bson 0.2.20 Mongodb JS Bson 0.2.21 Mongodb JS Bson 0.2.22 Mongodb JS Bson 0.3.0 Mongodb JS Bson 0.3.1 Mongodb JS Bson 0.3.2 Mongodb JS Bson 0.4.0 Mongodb JS Bson 0.4.1 Mongodb JS Bson 0.4.2 Mongodb JS Bson 0.4.3 Mongodb JS Bson 0.4.4 Mongodb JS Bson 0.4.5 Mongodb JS Bson 0.4.6 Mongodb JS Bson 0.4.7 Mongodb JS Bson 0.4.8 Mongodb JS Bson 0.4.9 Mongodb JS Bson 0.4.10 Mongodb JS Bson 0.4.11 Mongodb JS Bson 0.4.12 Mongodb JS Bson 0.4.13 Mongodb JS Bson 0.4.14 Mongodb JS Bson 0.4.15 Mongodb JS Bson 0.4.16 Mongodb JS Bson 0.4.17 Mongodb JS Bson 0.4.18 Mongodb JS Bson 0.4.19 Mongodb JS Bson 0.4.20 Mongodb JS Bson 0.4.21 Mongodb JS Bson 0.4.22 Mongodb JS Bson 0.4.23 Mongodb JS Bson 0.5.0 Mongodb JS Bson 0.5.1 Mongodb JS Bson 0.5.2 Mongodb JS Bson 0.5.3 Mongodb JS Bson 0.5.4 Mongodb JS Bson 0.5.5 Mongodb JS Bson 0.5.6 Mongodb JS Bson 0.5.7 Mongodb JS Bson 1.0.0 Mongodb JS Bson 1.0.1 Mongodb JS Bson 1.0.2 Mongodb JS Bson 1.0.3 Mongodb JS Bson 1.0.4 Mongodb JS Bson 1.0.5 Mongodb JS Bson 1.0.6 Mongodb JS Bson 1.0.7 Mongodb JS Bson 1.0.8 Mongodb JS Bson 1.0.9 Mongodb JS Bson 1.1.0 Mongodb JS Bson 1.1.2 Mongodb JS Bson 1.1.3	76

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/mongodb/js-bson/releases/tag/v1.1.4