Sha256: f37669a03a60c0df6262c70dc33be8bbe9d9e234c603da30dfb51a8f63701069

Contents?: true

Size: 660 Bytes

Versions: 3

Compression:

Stored size: 660 Bytes

Contents

---
gem: bson
cve: 2015-4412
url: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
title: Data Injection Vulnerability in bson Rubygem
date: 2015-06-04

description: >-
  A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

patched_versions:
  - "~> 1.12.3"
  - ">= 3.0.4"

related:
  url:
    - https://github.com/mongodb/mongo-ruby-driver/compare/6ae981167759d5819ba3d41e374e5b2af5b79077~1...9859a3ab9773a8a883eb8438b665a921cc991c71
    - https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/bson/CVE-2015-4412.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/bson/CVE-2015-4412.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/bson/CVE-2015-4412.yml