{"url":"http://public2.vulnerablecode.io/api/packages/78632?format=json","purl":"pkg:golang/go.mongodb.org/mongo-driver@1.5.1","type":"golang","namespace":"go.mongodb.org","name":"mongo-driver","version":"1.5.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.5.1","latest_non_vulnerable_version":"1.5.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44777?format=json","vulnerability_id":"VCID-ksc1-n735-sugs","summary":"go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON\nSpecific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20329.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20329.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20329","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33776","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20329"},{"reference_url":"https://github.com/mongodb/mongo-go-driver","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mongodb/mongo-go-driver"},{"reference_url":"https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca"},{"reference_url":"https://github.com/mongodb/mongo-go-driver/pull/622","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mongodb/mongo-go-driver/pull/622"},{"reference_url":"https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"},{"reference_url":"https://jira.mongodb.org/browse/GODRIVER-1923","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://jira.mongodb.org/browse/GODRIVER-1923"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20329","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20329"},{"reference_url":"https://pkg.go.dev/vuln/GO-2021-0112","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2021-0112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1971033","reference_id":"1971033","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1971033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1326","reference_id":"RHSA-2023:1326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1328","reference_id":"RHSA-2023:1328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1392","reference_id":"RHSA-2023:1392","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1392"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1409","reference_id":"RHSA-2023:1409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1504","reference_id":"RHSA-2023:1504","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1504"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1525","reference_id":"RHSA-2023:1525","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1525"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1656","reference_id":"RHSA-2023:1656","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1656"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3645","reference_id":"RHSA-2023:3645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4730","reference_id":"RHSA-2023:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5006","reference_id":"RHSA-2023:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5007","reference_id":"RHSA-2023:5007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:6817","reference_id":"RHSA-2023:6817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:6817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0193","reference_id":"RHSA-2024:0193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0193"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/78632?format=json","purl":"pkg:golang/go.mongodb.org/mongo-driver@1.5.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/go.mongodb.org/mongo-driver@1.5.1"}],"aliases":["CVE-2021-20329","GHSA-f6mq-5m25-4r72"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksc1-n735-sugs"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:golang/go.mongodb.org/mongo-driver@1.5.1"}