cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-2391,https://securityvulnerability.io/vulnerability/CVE-2019-2391,JS-bson may incorrectly serialise some requests,"Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.

",MongoDB,Js-bson,4.2,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2020-03-31T13:25:12.000Z,0
CVE-2020-7610,https://securityvulnerability.io/vulnerability/CVE-2020-7610,,"All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.",Mongodb,Bson,9.8,CRITICAL,0.0029100000392645597,false,false,false,false,,false,false,2020-03-30T18:28:17.000Z,0
CVE-2015-4411,https://securityvulnerability.io/vulnerability/CVE-2015-4411,,The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410.,Mongodb,Bson,7.5,HIGH,0.02133999951183796,false,false,false,false,,false,false,2020-02-20T16:24:22.000Z,0
CVE-2018-13863,https://securityvulnerability.io/vulnerability/CVE-2018-13863,,The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.,Mongodb,Js-bson,7.5,HIGH,0.001019999966956675,false,false,false,false,,false,false,2018-07-10T20:29:00.000Z,0