Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| go.mongodb.org/mongo-driver(Go) | 0 | 1.5.1 | N/A |
CVSS Metrics
