RubySec

Providing security resources for the Ruby community

CVE-2015-4412 (bson): Data Injection Vulnerability in bson Rubygem


GEM

bson

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

  • ~> 1.12.3
  • >= 3.0.4

DESCRIPTION

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.
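The kind of validation flaw described above, as an added example that is not code from the bson gem or from this advisory. It assumes the flaw is of the line-anchor kind (`^`/`$` used where `\A`/`\z` is needed); the method names and sample strings are constructed for illustration.

```ruby
# Added illustration, not the gem's code. All names here are hypothetical.

# Weak form: in Ruby, ^ and $ anchor to the start/end of any LINE, so one
# well-formed line inside a longer string is enough for the check to pass.
LINE_ANCHORED = /^\h{24}$/

# Hardened form: \A and \z anchor to the start/end of the whole STRING.
# (\Z would still tolerate a trailing newline; \z does not.)
STRING_ANCHORED = /\A\h{24}\z/

def legal_weak?(value)
  value.is_a?(String) && LINE_ANCHORED.match?(value)
end

def legal_strict?(value)
  value.is_a?(String) && STRING_ANCHORED.match?(value)
end

# Constructed sample inputs: label => candidate ObjectId string.
SAMPLES = {
  "plain id"              => "0123456789abcdef01234567",
  "id + trailing newline" => "0123456789abcdef01234567\n",
  "id + second line"      => "0123456789abcdef01234567\nextra data",
  "leading line + id"     => "extra data\n0123456789abcdef01234567",
  "too short"             => "0123456789abcdef",
  "not a string"          => nil
}.freeze

# Labels of inputs the weak check accepts but the strict check rejects.
# Useful as a regression test when auditing validators for this pattern.
def disagreements(samples)
  samples.select { |_, v| legal_weak?(v) && !legal_strict?(v) }.keys
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, value|
    puts format("%-24s weak=%-5s strict=%s", label, legal_weak?(value), legal_strict?(value))
  end
  puts "accepted only by the weak check: #{disagreements(SAMPLES).inspect}"
end
```

Independent of the regex, checking `value.bytesize == 24` before matching rejects every multi-line input in the sample set.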
