bson
npm
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bson
- CVE-2018-13863 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.0.5 | 2018-07-10
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString…
- CVE-2019-2391 | MEDIUM | CVSS 4.2 | EG 4.2 | ✓ Fixed in 1.1.4 | 2020-03-31
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and pri…
- CVE-2020-7610 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 1.1.4 | 2020-03-30
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended…