Search for packages
| purl | pkg:gem/bson@1.12.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-sa5p-bz7n-17aw
Aliases: CVE-2015-4411 GHSA-qh4w-7pw3-p4rp |
Potential denial of service in bson rubygem The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mha4-yc5v-8uhm | Data Injection Vulnerability A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object. |
CVE-2015-4412
GHSA-h6rj-8r3c-9gpj |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-05T16:24:08.173904+00:00 | GHSA Importer | Affected by | VCID-sa5p-bz7n-17aw | https://github.com/advisories/GHSA-qh4w-7pw3-p4rp | 38.6.0 |
| 2026-06-05T16:17:20.830007+00:00 | GHSA Importer | Fixing | VCID-mha4-yc5v-8uhm | https://github.com/advisories/GHSA-h6rj-8r3c-9gpj | 38.6.0 |
| 2026-06-04T20:27:26.009983+00:00 | GitLab Importer | Affected by | VCID-sa5p-bz7n-17aw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4411.yml | 38.6.0 |
| 2026-06-04T17:39:33.261686+00:00 | GithubOSV Importer | Fixing | VCID-mha4-yc5v-8uhm | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-h6rj-8r3c-9gpj/GHSA-h6rj-8r3c-9gpj.json | 38.6.0 |
| 2026-06-02T04:37:30.275727+00:00 | GitLab Importer | Fixing | VCID-mha4-yc5v-8uhm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4412.yml | 38.6.0 |