bson
RubyGems: 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting bson
- CVE-2015-4411 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.0.4 | 2020-02-20
vulnerable: 0.20 ... 3.0.3 (92 versions)
The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4, as used in rubygem-moped, allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomp…
- CVE-2015-4412 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 3.0.4 | 2018-02-05
vulnerable: 2.0.0 ... 3.0.3 (14 versions)
BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.