CVE-2015-4412: Data Injection Vulnerability

February 5, 2018 (updated March 13, 2018)

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

References

sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
seclists.org/oss-sec/2015/q2/653
github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999

Code Behaviors & Features

Detect and mitigate CVE-2015-4412 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →