Search for packages
| purl | pkg:gem/bson@1.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-mha4-yc5v-8uhm
Aliases: CVE-2015-4412 GHSA-h6rj-8r3c-9gpj |
Data Injection Vulnerability A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-sa5p-bz7n-17aw
Aliases: CVE-2015-4411 GHSA-qh4w-7pw3-p4rp |
Potential denial of service in bson rubygem The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T20:27:25.702665+00:00 | GitLab Importer | Affected by | VCID-sa5p-bz7n-17aw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4411.yml | 38.6.0 |
| 2026-06-04T20:11:07.543783+00:00 | GitLab Importer | Affected by | VCID-mha4-yc5v-8uhm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4412.yml | 38.6.0 |