CVE-2021-20329 #430
Description
一、漏洞信息
漏洞编号:CVE-2021-20329
漏洞归属组件:mongo-driver
漏洞归属分支:master
漏洞归属的版本:1.4.4
漏洞修复版本: 1.5.1
CVSS分值:
BaseScore: 6.5 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
漏洞简述:
Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
漏洞公开时间:2021-06-10 17:15:08
漏洞创建时间:2026-01-22 20:00:23
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2021-20329