mongodb-core@2.1.20

Vulnerabilities

1 via 1 paths

Dependencies

4

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Internal Property Tampering

  • Vulnerable module: bson
  • Introduced through: bson@1.0.9

Detailed paths

  • Introduced through: mongodb-core@2.1.20 bson@1.0.9
    Remediation: Upgrade to mongodb-core@3.1.2.

Overview

bson is a BSON Parser for node and browser.

Affected versions of this package are vulnerable to Internal Property Tampering. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.

Remediation

Upgrade bson to version 1.1.4 or higher.

References