CVE-2020-7610: Deserialization of Untrusted Data

March 30, 2020 (updated April 1, 2020)

All versions of bson are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object’s _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.

References

nvd.nist.gov/vuln/detail/CVE-2020-7610

Code Behaviors & Features

Detect and mitigate CVE-2020-7610 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →