CVE-2018-13863

Published: Jul 10, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a

x_refsource_MISC

https://snyk.io/vuln/npm:bson:20180225

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-13863

Description

Affected Products

References