Data Injection Vulnerability in moped Rubygem
Published: June 04, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-4410 (NVD)
- GHSA: GHSA-f93j-hmcr-jcwh
- Vendor Advisory: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
GEM
moped
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
- ~> 1.5.3
- >= 2.0.5
DESCRIPTION
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.
