Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/bson@1.0.3

Type gem

Namespace

Name bson

Version 1.0.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.4

Latest_non_vulnerable_version 3.0.4

Affected_by_vulnerabilities

url VCID-mha4-yc5v-8uhm

vulnerability_id VCID-mha4-yc5v-8uhm

summary

Data Injection Vulnerability
A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4412.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4412.json

reference_url

http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4412

reference_id

reference_type

scores

value	0.01749
scoring_system	epss
scoring_elements	0.82897
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4412

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1229750

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1229750

reference_url	http://seclists.org/oss-sec/2015/q2/653
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2015/q2/653

reference_url

https://github.com/advisories/GHSA-h6rj-8r3c-9gpj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h6rj-8r3c-9gpj

reference_url

https://github.com/mongodb/bson-ruby

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby

reference_url

https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999

reference_url

https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bson/CVE-2015-4412.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bson/CVE-2015-4412.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-4412

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-4412

reference_url

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_url

http://www.openwall.com/lists/oss-security/2015/06/06/3

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/06/3

reference_url

http://www.securityfocus.com/bid/75045

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/75045

fixed_packages

url pkg:gem/bson@1.12.3

purl pkg:gem/bson@1.12.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sa5p-bz7n-17aw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bson@1.12.3

url	pkg:gem/bson@3.0.4
purl	pkg:gem/bson@3.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/bson@3.0.4

aliases CVE-2015-4412, GHSA-h6rj-8r3c-9gpj

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mha4-yc5v-8uhm

url VCID-sa5p-bz7n-17aw

vulnerability_id VCID-sa5p-bz7n-17aw

summary

Potential denial of service in bson rubygem
The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4
as used in rubygem-moped allows remote attackers to cause a denial of service (worker
resource consumption) via a crafted string. NOTE: This issue is due to an incomplete
fix to CVE-2015-4410.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4411.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4411.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-4411

reference_id

reference_type

scores

value	0.0353
scoring_system	epss
scoring_elements	0.87868
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-4411

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1229706

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1229706

reference_url

https://github.com/advisories/GHSA-qh4w-7pw3-p4rp

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-qh4w-7pw3-p4rp

reference_url

https://github.com/mongodb/bson-ruby

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby

reference_url

https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999

reference_url

https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191

reference_url

https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7

reference_url

https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bson/CVE-2015-4411.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bson/CVE-2015-4411.yml

reference_url

https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html

reference_url

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

reference_url

https://seclists.org/oss-sec/2015/q2/653

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/oss-sec/2015/q2/653

reference_url

https://security-tracker.debian.org/tracker/CVE-2015-4411

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2015-4411

reference_url

https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228085849/http://www.securityfocus.com/bid/75045

reference_url

http://www.openwall.com/lists/oss-security/2015/06/06/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/06/06/3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-4411

reference_id

CVE-2015-4411

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-4411

fixed_packages

url	pkg:gem/bson@3.0.4
purl	pkg:gem/bson@3.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/bson@3.0.4

aliases CVE-2015-4411, GHSA-qh4w-7pw3-p4rp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sa5p-bz7n-17aw

url VCID-yuyr-c6ed-ffem

vulnerability_id VCID-yuyr-c6ed-ffem

summary bson is vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's `_bsotype`, leading to cases where an object is serialized as a document rather than the intended BSON type.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7610.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7610.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7610

reference_id

reference_type

scores

value	0.00541
scoring_system	epss
scoring_elements	0.68019
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7610

reference_url

https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8

reference_url

https://snyk.io/vuln/SNYK-JS-BSON-561052

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://snyk.io/vuln/SNYK-JS-BSON-561052

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1820136
reference_id	1820136
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1820136

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7610

reference_id

CVE-2020-7610

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7610

fixed_packages

url pkg:gem/bson@1.1.4

purl pkg:gem/bson@1.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-mha4-yc5v-8uhm

vulnerability	VCID-sa5p-bz7n-17aw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bson@1.1.4

aliases CVE-2020-7610, GHSA-v8w9-2789-6hhr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yuyr-c6ed-ffem

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/bson@1.0.3

Package Instance