---
gem: bson
cve: 2015-4411
ghsa: qh4w-7pw3-p4rp
url: https://github.com/advisories/GHSA-qh4w-7pw3-p4rp
date: 2020-04-29
title: Potential denial of service in bson rubygem
description: |
  The Moped::BSON::ObjectId.legal? method in mongodb/bson-ruby before 3.0.4,
  as used in rubygem-moped, allows remote attackers to cause a denial of service (worker
  resource consumption) via a crafted string. NOTE: This issue is due to an incomplete
  fix to CVE-2015-4410.

cvss_v3: 7.5

patched_versions:
  - ">= 3.0.4"

related:
  cve:
  - 2015-4410