Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2021-06-10T00:00:00

Updated: 2024-08-03T17:37:23.756Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20329

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-10T17:15:08.047

Modified: 2024-01-23T16:15:49.537

Link: CVE-2021-20329

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-03-30T00:00:00Z

Links: CVE-2021-20329 - Bugzilla