зеркало из https://github.com/golang/vulndb.git
175 строки
6.2 KiB
JSON
175 строки
6.2 KiB
JSON
{
|
|
"id": "GO-2021-0112",
|
|
"published": "2021-07-28T18:08:05Z",
|
|
"modified": "0001-01-01T00:00:00Z",
|
|
"aliases": [
|
|
"CVE-2021-20329",
|
|
"GHSA-f6mq-5m25-4r72"
|
|
],
|
|
"details": "Due to improper input sanitization when marshalling Go objects into BSON, a maliciously constructed Go structure could allow an attacker to inject additional fields into a MongoDB document. Users are affected if they use this package to handle untrusted user input.",
|
|
"affected": [
|
|
{
|
|
"package": {
|
|
"name": "go.mongodb.org/mongo-driver",
|
|
"ecosystem": "Go"
|
|
},
|
|
"ranges": [
|
|
{
|
|
"type": "SEMVER",
|
|
"events": [
|
|
{
|
|
"introduced": "0"
|
|
},
|
|
{
|
|
"fixed": "1.5.1"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"database_specific": {
|
|
"url": "https://pkg.go.dev/vuln/GO-2021-0112"
|
|
},
|
|
"ecosystem_specific": {
|
|
"imports": [
|
|
{
|
|
"path": "go.mongodb.org/mongo-driver/x/bsonx/bsoncore",
|
|
"symbols": [
|
|
"AppendArrayElement",
|
|
"AppendArrayElementStart",
|
|
"AppendBinaryElement",
|
|
"AppendBooleanElement",
|
|
"AppendCodeWithScopeElement",
|
|
"AppendDBPointerElement",
|
|
"AppendDateTimeElement",
|
|
"AppendDecimal128Element",
|
|
"AppendDocumentElement",
|
|
"AppendDocumentElementStart",
|
|
"AppendDoubleElement",
|
|
"AppendHeader",
|
|
"AppendInt32Element",
|
|
"AppendInt64Element",
|
|
"AppendJavaScriptElement",
|
|
"AppendMaxKeyElement",
|
|
"AppendMinKeyElement",
|
|
"AppendNullElement",
|
|
"AppendObjectIDElement",
|
|
"AppendRegex",
|
|
"AppendRegexElement",
|
|
"AppendStringElement",
|
|
"AppendSymbolElement",
|
|
"AppendTimeElement",
|
|
"AppendTimestampElement",
|
|
"AppendUndefinedElement",
|
|
"AppendValueElement",
|
|
"ArrayBuilder.AppendArray",
|
|
"ArrayBuilder.AppendBinary",
|
|
"ArrayBuilder.AppendBoolean",
|
|
"ArrayBuilder.AppendCodeWithScope",
|
|
"ArrayBuilder.AppendDBPointer",
|
|
"ArrayBuilder.AppendDateTime",
|
|
"ArrayBuilder.AppendDecimal128",
|
|
"ArrayBuilder.AppendDocument",
|
|
"ArrayBuilder.AppendDouble",
|
|
"ArrayBuilder.AppendInt32",
|
|
"ArrayBuilder.AppendInt64",
|
|
"ArrayBuilder.AppendJavaScript",
|
|
"ArrayBuilder.AppendMaxKey",
|
|
"ArrayBuilder.AppendMinKey",
|
|
"ArrayBuilder.AppendNull",
|
|
"ArrayBuilder.AppendObjectID",
|
|
"ArrayBuilder.AppendRegex",
|
|
"ArrayBuilder.AppendString",
|
|
"ArrayBuilder.AppendSymbol",
|
|
"ArrayBuilder.AppendTimestamp",
|
|
"ArrayBuilder.AppendUndefined",
|
|
"ArrayBuilder.AppendValue",
|
|
"ArrayBuilder.StartArray",
|
|
"BuildArray",
|
|
"BuildArrayElement",
|
|
"BuildDocumentElement",
|
|
"DocumentBuilder.AppendArray",
|
|
"DocumentBuilder.AppendBinary",
|
|
"DocumentBuilder.AppendBoolean",
|
|
"DocumentBuilder.AppendCodeWithScope",
|
|
"DocumentBuilder.AppendDBPointer",
|
|
"DocumentBuilder.AppendDateTime",
|
|
"DocumentBuilder.AppendDecimal128",
|
|
"DocumentBuilder.AppendDocument",
|
|
"DocumentBuilder.AppendDouble",
|
|
"DocumentBuilder.AppendInt32",
|
|
"DocumentBuilder.AppendInt64",
|
|
"DocumentBuilder.AppendJavaScript",
|
|
"DocumentBuilder.AppendMaxKey",
|
|
"DocumentBuilder.AppendMinKey",
|
|
"DocumentBuilder.AppendNull",
|
|
"DocumentBuilder.AppendObjectID",
|
|
"DocumentBuilder.AppendRegex",
|
|
"DocumentBuilder.AppendString",
|
|
"DocumentBuilder.AppendSymbol",
|
|
"DocumentBuilder.AppendTimestamp",
|
|
"DocumentBuilder.AppendUndefined",
|
|
"DocumentBuilder.AppendValue",
|
|
"DocumentBuilder.StartDocument"
|
|
]
|
|
},
|
|
{
|
|
"path": "go.mongodb.org/mongo-driver/bson/bsonrw",
|
|
"symbols": [
|
|
"Copier.AppendArrayBytes",
|
|
"Copier.AppendDocumentBytes",
|
|
"Copier.AppendValueBytes",
|
|
"Copier.CopyArrayFromBytes",
|
|
"Copier.CopyBytesToArrayWriter",
|
|
"Copier.CopyBytesToDocumentWriter",
|
|
"Copier.CopyDocument",
|
|
"Copier.CopyDocumentFromBytes",
|
|
"Copier.CopyDocumentToBytes",
|
|
"Copier.CopyValue",
|
|
"Copier.CopyValueFromBytes",
|
|
"Copier.CopyValueToBytes",
|
|
"CopyDocument",
|
|
"valueWriter.WriteArray",
|
|
"valueWriter.WriteBinary",
|
|
"valueWriter.WriteBinaryWithSubtype",
|
|
"valueWriter.WriteBoolean",
|
|
"valueWriter.WriteCodeWithScope",
|
|
"valueWriter.WriteDBPointer",
|
|
"valueWriter.WriteDateTime",
|
|
"valueWriter.WriteDecimal128",
|
|
"valueWriter.WriteDocument",
|
|
"valueWriter.WriteDouble",
|
|
"valueWriter.WriteInt32",
|
|
"valueWriter.WriteInt64",
|
|
"valueWriter.WriteJavascript",
|
|
"valueWriter.WriteMaxKey",
|
|
"valueWriter.WriteMinKey",
|
|
"valueWriter.WriteNull",
|
|
"valueWriter.WriteObjectID",
|
|
"valueWriter.WriteRegex",
|
|
"valueWriter.WriteString",
|
|
"valueWriter.WriteSymbol",
|
|
"valueWriter.WriteTimestamp",
|
|
"valueWriter.WriteUndefined",
|
|
"valueWriter.WriteValueBytes",
|
|
"valueWriter.writeElementHeader"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"type": "FIX",
|
|
"url": "https://github.com/mongodb/mongo-go-driver/pull/622"
|
|
},
|
|
{
|
|
"type": "FIX",
|
|
"url": "https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca"
|
|
},
|
|
{
|
|
"type": "WEB",
|
|
"url": "https://jira.mongodb.org/browse/GODRIVER-1923"
|
|
}
|
|
]
|
|
} |