Количество 2
Количество 2
CVE-2019-19729
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.
GHSA-p84x-5xx8-hff9
bson-objectid contains Improper input validation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-19729 An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. | CVSS3: 7.5 | 0% Низкий | около 6 лет назад |
| GHSA-p84x-5xx8-hff9 bson-objectid contains Improper input validation | CVSS3: 7.5 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу