CVE-2021-20329
Specific cstrings input may not be properly validated in the Go Driver
In short
The MongoDB Go Driver fails to properly validate certain string inputs when converting Go objects to BSON format, allowing an attacker to inject extra fields into documents. This could lead to unintended data modification or bypass of intended application logic.
Technical detail
MongoDB Go Driver versions ≤1.5.0 do not properly validate cstring inputs during BSON marshalling (CWE-1287). An attacker who controls string fields of a Go object can inject additional BSON fields into the marshalled output, potentially circumventing application-level data validation or authorization checks.
Summary generated and translated by AI from the official description.
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Drivers prior to and including 1.5.0.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
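An application-side pre-marshal check, added here as an illustration and not taken from the driver's code. It assumes the unvalidated cstrings are document keys and relies on the BSON rule that a cstring ends at its first 0x00 byte; `RoundTrips`, `ValidateKeys` and the sample document are hypothetical names and constructed data.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"strings"
)

// ErrEmbeddedNUL marks a key that cannot be represented as a BSON cstring.
var ErrEmbeddedNUL = errors.New("embedded NUL byte in cstring")

// RoundTrips writes key as raw bytes plus terminator with no content check
// (a hypothetical unvalidated encoder) and reports whether a parser reads it back intact.
func RoundTrips(key string) bool {
	wire := append([]byte(key), 0x00)
	end := bytes.IndexByte(wire, 0x00) // a parser stops at the first terminator
	return string(wire[:end]) == key && end == len(wire)-1
}

// ValidateKeys walks a document before marshalling and rejects any map key
// containing 0x00; path names the parent of the offending key.
func ValidateKeys(path string, v interface{}) error {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, child := range t {
			if strings.IndexByte(k, 0x00) >= 0 {
				return fmt.Errorf("%w: key %q under %s", ErrEmbeddedNUL, k, path)
			}
			if err := ValidateKeys(path+"."+k, child); err != nil {
				return err
			}
		}
	case []interface{}:
		for i, child := range t {
			if err := ValidateKeys(fmt.Sprintf("%s.%d", path, i), child); err != nil {
				return err
			}
		}
	}
	return nil
}

func main() {
	doc := map[string]interface{}{ // constructed sample input
		"profile": map[string]interface{}{"nick\x00name": "x"},
	}
	fmt.Println(RoundTrips("nickname"), RoundTrips("nick\x00name"), ValidateKeys("$", doc))
}
```

A key that fails `RoundTrips` leaves bytes in the stream after the terminator, which a parser then treats as document structure rather than as part of the key.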
Affected products
MongoDB Inc. · MongoDB Go Driver