Search for packages
| purl | pkg:gem/bson@3.0.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mha4-yc5v-8uhm | Data Injection Vulnerability A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object. |
CVE-2015-4412
GHSA-h6rj-8r3c-9gpj |
| VCID-sa5p-bz7n-17aw | Potential denial of service in bson rubygem The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. |
CVE-2015-4411
GHSA-qh4w-7pw3-p4rp |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T17:39:33.336799+00:00 | GithubOSV Importer | Fixing | VCID-mha4-yc5v-8uhm | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-h6rj-8r3c-9gpj/GHSA-h6rj-8r3c-9gpj.json | 38.6.0 |
| 2026-06-04T17:21:23.147872+00:00 | GithubOSV Importer | Fixing | VCID-sa5p-bz7n-17aw | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-qh4w-7pw3-p4rp/GHSA-qh4w-7pw3-p4rp.json | 38.6.0 |
| 2026-06-04T16:19:48.396303+00:00 | GitLab Importer | Fixing | VCID-sa5p-bz7n-17aw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4411.yml | 38.6.0 |
| 2026-06-02T04:37:30.280371+00:00 | GitLab Importer | Fixing | VCID-mha4-yc5v-8uhm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/bson/CVE-2015-4412.yml | 38.6.0 |