Critical severityNVD Advisory· Published Mar 30, 2020· Updated Aug 4, 2024
CVE-2020-7610
CVE-2020-7610
Description
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bsonnpm | < 1.1.4 | 1.1.4 |
Affected products
2- bson/bsondescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v8w9-2789-6hhrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7610ghsaADVISORY
- github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8ghsaWEB
- snyk.io/vuln/SNYK-JS-BSON-561052ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.