bson is a BSON Parser for node and browser.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). This can cause an impact of about 10 seconds matching time for data 50K characters long.
- Feb 15th, 2018 - Initial Disclosure to package owner
- Feb 26th, 2018 - Initial Response from package owner
- Feb 26th, 2018 - Fix issued
- Feb 27th, 2018 - Vulnerability published
bson to version 1.0.5 or higher.