Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity High
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:S/C:N/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Mongodb |
|
Redhat |
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat OpenShift Container Platform 4.10 | |||
openshift4/ose-csi-driver-nfs-rhel8:v4.10.0-202303210741.p0.ge6b5664.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:1392 | 2023-03-29T00:00:00Z |
openshift4/ose-csi-driver-manila-rhel8-operator:v4.10.0-202304031241.p0.g3b06768.assembly.stream | cpe:/a:redhat:openshift:4.10::el8 | RHSA-2023:1656 | 2023-04-12T00:00:00Z |
Red Hat OpenShift Container Platform 4.11 | |||
openshift4/ose-csi-driver-manila-rhel8-operator:v4.11.0-202303240327.p0.gce6c43b.assembly.stream | cpe:/a:redhat:openshift:4.11::el8 | RHSA-2023:1504 | 2023-04-04T00:00:00Z |
Red Hat OpenShift Container Platform 4.12 | |||
openshift4/ose-csi-driver-manila-rhel8-operator:v4.12.0-202303210718.p0.gaf25a1f.assembly.stream | cpe:/a:redhat:openshift:4.12::el8 | RHSA-2023:1409 | 2023-03-27T00:00:00Z |
Red Hat OpenShift Container Platform 4.13 | |||
openshift4/ose-baremetal-machine-controllers:v4.13.0-202305030754.p0.gd20bc57.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
openshift4/ose-csi-driver-manila-rhel8-operator:v4.13.0-202304190216.p0.ge540ced.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
openshift4/ose-olm-rukpak-rhel8:v4.13.0-202304190216.p0.g66b3e55.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1326 | 2023-05-17T00:00:00Z |
openshift4/ose-kubernetes-nmstate-handler-rhel8:v4.13.0-202304280215.p0.gc254e6e.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1328 | 2023-05-18T00:00:00Z |
openshift4/dpu-network-rhel8-operator:v4.13.0-202308221627.p0.g35cbabd.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:4730 | 2023-08-30T00:00:00Z |
openshift4/ose-operator-lifecycle-manager:v4.13.0-202401092010.p0.g2357f75.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2024:0193 | 2024-01-17T00:00:00Z |
Red Hat OpenShift Container Platform 4.14 | |||
openshift4/ose-baremetal-machine-controllers:v4.14.0-202310201027.p0.g412acb3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-driver-manila-rhel8-operator:v4.14.0-202310201027.p0.gea34192.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-haproxy-router:v4.14.0-202310201027.p0.g7cbd152.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/ose-installer:v4.14.0-202310201027.p0.g03546e5.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5006 | 2023-10-31T00:00:00Z |
openshift4/cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/frr-rhel9:v4.14.0-202310201027.p0.g0414ca3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ingress-node-firewall-operator-bundle:v4.14.0.202310201027.p0.g3784ac1.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ingress-node-firewall-rhel9:v4.14.0-202310201027.p0.g3784ac1.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ingress-node-firewall-rhel9-operator:v4.14.0-202310201027.p0.g3784ac1.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/kubernetes-nmstate-operator-bundle:v4.14.0.202310201027.p0.g5d81544.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/kubernetes-nmstate-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/metallb-rhel8-operator:v4.14.0-202310201027.p0.g593c753.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/nmstate-console-plugin-rhel8:v4.14.0-202310201027.p0.g75fe6e5.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-aws-efs-csi-driver-container-rhel8:v4.14.0-202310201027.p0.g66925fd.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-aws-efs-csi-driver-operator-bundle:v4.14.0.202310201027.p0.ge7d739f.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-aws-efs-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.ge7d739f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cloud-event-proxy-rhel8:v4.14.0-202310201027.p0.gc3dc0ec.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-kube-descheduler-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-kube-descheduler-operator-bundle:v4.14.0.202310201027.p0.gabca215.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-kube-descheduler-operator-metadata:v4.14.0.202310201027.p0.gabca215.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-kube-descheduler-rhel8-operator:v4.14.0-202310201027.p0.gabca215.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-nfd-operator:v4.14.0-202310201027.p0.gf1f745a.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-cluster-nfd-operator-bundle:v4.14.0.202310201027.p0.gf1f745a.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-clusterresourceoverride-operator-bundle:v4.14.0.202310201027.p0.gb1b0669.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-clusterresourceoverride-rhel8:v4.14.0-202310201027.p0.g55d1f53.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-clusterresourceoverride-rhel8-operator:v4.14.0-202310201027.p0.gb1b0669.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-provisioner:v4.14.0-202310201027.p0.g78a710f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-provisioner-rhel8:v4.14.0-202310201027.p0.g78a710f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-resizer:v4.14.0-202310201027.p0.g59a701a.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-resizer-rhel8:v4.14.0-202310201027.p0.g59a701a.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-snapshotter:v4.14.0-202310201027.p0.g0bf9276.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-external-snapshotter-rhel8:v4.14.0-202310201027.p0.g0bf9276.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-livenessprobe:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-livenessprobe-rhel8:v4.14.0-202310201027.p0.ga9bcbde.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-node-driver-registrar:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-csi-node-driver-registrar-rhel8:v4.14.0-202310201027.p0.g9dcaa7f.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-descheduler:v4.14.0-202310201027.p0.g0fb0646.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-gcp-filestore-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g413ab3a.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-gcp-filestore-csi-driver-rhel8:v4.14.0-202310201027.p0.ga6af579.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-gcp-filestore-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g413ab3a.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-kube-rbac-proxy:v4.14.0-202310201027.p0.g7681039.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-kubernetes-nmstate-handler-rhel9:v4.14.0-202310201027.p0.g5d81544.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-kubernetes-nmstate-handler-rhel9-operator:v4.14.0-202310201027.p0.g5d81544.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-local-storage-diskmaker:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-local-storage-mustgather-rhel8:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-local-storage-operator:v4.14.0-202310201027.p0.gc41b6ba.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-local-storage-operator-bundle:v4.14.0.202310201027.p0.gc41b6ba.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-metallb-operator-bundle:v4.14.0.202310201027.p0.g593c753.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-node-feature-discovery:v4.14.0-202310201027.p0.g060e629.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-ptp-operator:v4.14.0-202310201027.p0.gb9339b2.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-ptp-operator-bundle:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-ptp-operator-metadata:v4.14.0.202310201027.p0.gb9339b2.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-ptp-rhel9:v4.14.0-202310201027.p0.g80d08c5.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-secrets-store-csi-driver-operator-bundle:v4.14.0.202310201027.p0.g1e01fc0.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-secrets-store-csi-driver-rhel8:v4.14.0-202310201027.p0.g4b5bd4b.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-secrets-store-csi-driver-rhel8-operator:v4.14.0-202310201027.p0.g1e01fc0.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-dp-admission-controller:v4.14.0-202310201027.p0.g82a744e.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-infiniband-cni:v4.14.0-202310201027.p0.geba0d95.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-network-config-daemon:v4.14.0-202310201027.p0.g749b4a3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-network-device-plugin:v4.14.0-202310201027.p0.g518f258.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-network-operator:v4.14.0-202310201027.p0.g749b4a3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-network-operator-bundle:v4.14.0.202310201027.p0.g749b4a3.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-sriov-network-webhook:v4.14.0-202310201027.p0.g749b4a3.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-vertical-pod-autoscaler-operator-bundle:v4.14.0.202310201027.p0.geae798e.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-vertical-pod-autoscaler-operator-metadata:v4.14.0.202310201027.p0.geae798e.assembly.stream-1 | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-vertical-pod-autoscaler-rhel8:v4.14.0-202310201027.p0.g0822c7b.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/ose-vertical-pod-autoscaler-rhel8-operator:v4.14.0-202310201027.p0.geae798e.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift4/sriov-cni-rhel9:v4.14.0-202310201027.p0.gf73cb4b.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
openshift-tech-preview/metallb-rhel8:v4.14.0-202310201027.p0.g73f6f31.assembly.stream | cpe:/a:redhat:openshift:4.14::el8 | RHSA-2023:5007 | 2023-10-31T00:00:00Z |
Red Hat OpenShift Container Platform 4.9 | |||
openshift4/ose-csi-driver-nfs-rhel8:v4.9.0-202303281553.p0.g062018e.assembly.stream | cpe:/a:redhat:openshift:4.9::el8 | RHSA-2023:1525 | 2023-04-05T00:00:00Z |
Red Hat OpenShift Service Mesh 2.2 for RHEL 8 | |||
openshift-service-mesh/prometheus-rhel8:2.2.7-7 | cpe:/a:redhat:service_mesh:2.2::el8 | RHSA-2023:3645 | 2023-06-15T00:00:00Z |
RHEL-9-CNV-4.14 | |||
container-native-virtualization/virt-api-rhel9:v4.14.0-395 | cpe:/a:redhat:container_native_virtualization:4.14::el9 | RHSA-2023:6817 | 2023-11-08T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2021-06-10T00:00:00
Updated: 2024-08-03T17:37:23.756Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20329
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-10T17:15:08.047
Modified: 2024-01-23T16:15:49.537
Link: CVE-2021-20329
Redhat