CVE-2015-4412 (bson): Data Injection Vulnerability in bson Rubygem

CVE: CVE-2015-4412 ( NVD )
GHSA: GHSA-h6rj-8r3c-9gpj
Vendor Advisory: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Data Injection Vulnerability in bson Rubygem

Published: June 04, 2015

CVSS v3.x: 9.8 (Critical)

~> 1.12.3 >= 3.0.4

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.