Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BSON ObjectID 输入验证错误漏洞
Vulnerability Description
BSON ObjectID是一款使用在Node.js中的、用于创建和解析ObjectID的模块。 BSON ObjectID 1.3.0版本(用于Node.js)中的存在输入验证错误漏洞。远程攻击者可借助特制的objectid利用该漏洞绕过格式化保护限制。
CVSS Information
N/A
Vulnerability Type
N/A