The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-10T20:00:00Z
Updated: 2024-09-16T23:21:48.488Z
Reserved: 2018-07-10T00:00:00Z
Link: CVE-2018-13863
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-10T20:29:00.220
Modified: 2024-11-21T03:48:12.537
Link: CVE-2018-13863
Redhat