Vulnerabilities (CVE)

Filtered by vendor Mongodb Subscribe
Filtered by product Js-bson
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13863 1 Mongodb 1 Js-bson 2024-11-21 5.0 MEDIUM 7.5 HIGH
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
CVE-2019-2391 1 Mongodb 1 Js-bson 2024-02-04 5.5 MEDIUM 5.4 MEDIUM
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.