VDB
CVE-2021-20329
CVE-2021-20329
REJECTED
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
EPSS 0.14% · 33.8th percentile
Risk Scores
EPSS Score
0.14%
33.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | mongodb | *, *, 0 |
| Ubuntu:18.04:LTS | mongodb | 1:3.4.14-3ubuntu1, 1:3.6.3-0ubuntu1.1, 1:3.6.3-0ubuntu1.3 |
| Ubuntu:14.04:LTS | mongodb | *, *, * |
| Ubuntu:16.04:LTS | mongodb | *, 0 |
Timeline
- Jun 10, 2021 CVE Published
- Jun 11, 2021 EPSS Score
- Aug 12, 2021 EPSS Score
- Oct 11, 2021 EPSS Score
- Dec 11, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 11, 2022 EPSS Score
- Jun 11, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-20329 third-party-advisory
- https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20329 third-party-advisory