Moderate severityNVD Advisory· Published Jun 10, 2021· Updated Sep 16, 2024
Specific cstrings input may not be properly validated in the Go Driver
CVE-2021-20329
Description
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
go.mongodb.org/mongo-driverGo | < 1.5.1 | 1.5.1 |
Affected products
3- ghsa-coords2 versionspkg:golang/go.mongodb.org/mongo-driverpkg:rpm/opensuse/etcd-for-k8s1.32&distro=openSUSE%20Tumbleweed
< 1.5.1+ 1 more
- (no CPE)range: < 1.5.1
- (no CPE)range: < 3.5.24-1.1
- MongoDB Inc./MongoDB Go Driverv5Range: 1.0
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-f6mq-5m25-4r72ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-20329ghsaADVISORY
- github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4caghsaWEB
- github.com/mongodb/mongo-go-driver/pull/622ghsaWEB
- github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1ghsax_refsource_CONFIRMWEB
- jira.mongodb.org/browse/GODRIVER-1923ghsaWEB
- pkg.go.dev/vuln/GO-2021-0112ghsaWEB
News mentions
0No linked articles in our index yet.