High severity 7.5 · NVD Advisory · Published Jul 10, 2018 · Updated Jun 17, 2026
CVE-2018-13863
Description
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bson (npm) | >= 0.5.0, < 1.0.5 | 1.0.5 |
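
The affected range in the table above can be checked against a project's lockfile. The following is an added example, not code from the advisory or from js-bson; the function names and the sample lockfile are constructed for illustration, and it assumes a `package-lock.json` already parsed into an object.

```javascript
// Added example (not from the advisory): flag bson installs in the affected
// range ">= 0.5.0, < 1.0.5" from a parsed package-lock.json object.
const AFFECTED_MIN = [0, 5, 0];
const PATCHED = [1, 0, 5];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(v));
  return m ? { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) } : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false;
  const lo = compare(v.nums, AFFECTED_MIN);
  const hi = compare(v.nums, PATCHED);
  // A pre-release sorts before its release: 1.0.5-rc.1 is still < 1.0.5.
  return (lo > 0 || (lo === 0 && !v.pre)) && (hi < 0 || (hi === 0 && v.pre));
}

function findAffectedBson(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/bson$/.test(path) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'bson' && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not real project data).
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/bson': { version: '1.0.4' },
  'node_modules/mongodb/node_modules/bson': { version: '1.0.9' },
  'node_modules/legacy/node_modules/bson': { version: '0.4.23' },
} };
console.log(findAffectedBson(sampleLock));
```

Transitive copies matter here: a patched top-level `bson` does not help if another dependency pins its own copy inside the affected range.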
References
- github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a (nvd: Patch, Third Party Advisory; WEB)
- snyk.io/vuln/npm:bson:20180225 (nvd: Exploit, Technical Description, Third Party Advisory; WEB)
- github.com/advisories/GHSA-8462-q7x7-g2x4 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-13863 (ghsa: ADVISORY)