ReportizFlow
Filtered by vendor Mongodb
Subscriptions
Filtered by product Go Driver
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2303 | 1 Mongodb | 1 Go Driver | 2026-02-12 | 6.5 Medium |
| The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer. | ||||
| CVE-2021-20329 | 2 Mongodb, Redhat | 4 Go Driver, Container Native Virtualization, Openshift and 1 more | 2024-11-21 | 6.8 Medium |
| Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers prior to and including 1.5.0. | ||||
Page 1 of 1.