CVE-2020-7610: Deserialization of Untrusted Data
All versions of bson are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object’s _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
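The behaviour described above, modelled as an added example (not the bson package's own code): a lax tag dispatch that silently falls back to "document", a strict one that rejects unknown tags, and an application-side guard that flags untrusted input carrying its own _bsontype key. The function names, the KNOWN_TYPES subset and the sample payload are assumptions constructed for illustration.

```javascript
// Toy model of tag-based dispatch; NOT the bson package's implementation.
// KNOWN_TYPES is a small subset of tag names, chosen for this example.
const KNOWN_TYPES = new Set(['ObjectID', 'Long', 'Binary']);

// Lax dispatch, as the advisory describes: an unrecognised `_bsontype`
// is ignored and the value is treated as a plain document.
function classifyLax(value) {
  if (value === null || typeof value !== 'object') return 'primitive';
  return KNOWN_TYPES.has(value._bsontype) ? value._bsontype : 'document';
}

// Strict dispatch: an unrecognised tag is an error, never a silent fallback.
function classifyStrict(value) {
  if (value === null || typeof value !== 'object') return 'primitive';
  if (value._bsontype === undefined) return 'document';
  if (KNOWN_TYPES.has(value._bsontype)) return value._bsontype;
  throw new TypeError('unrecognised _bsontype: ' + String(value._bsontype));
}

// Application-side guard (hypothetical helper): list every path in parsed,
// untrusted input that carries its own `_bsontype` key, so the request can
// be rejected before it reaches the serializer.
function findTypeTags(input, path = '$', hits = []) {
  if (input === null || typeof input !== 'object') return hits;
  for (const key of Object.keys(input)) {
    const child = `${path}.${key}`;
    if (key === '_bsontype') hits.push(child);
    else findTypeTags(input[key], child, hits);
  }
  return hits;
}

// Constructed sample: JSON as it might arrive in a request body.
const untrusted = JSON.parse(
  '{"name":"a","owner":{"_bsontype":"NotARealType","id":"0123"},"tags":[{"_bsontype":"Long"}]}'
);

console.log('lax:', classifyLax(untrusted.owner));
try {
  classifyStrict(untrusted.owner);
} catch (e) {
  console.log('strict:', e.message);
}
console.log('tagged paths:', findTypeTags(untrusted));
```

The guard matters independently of the serializer version: plain JSON has no legitimate reason to carry a _bsontype key, so its presence in request data is a useful rejection and logging signal.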