CVE-2015-4410: Data Injection Vulnerability

June 4, 2015

A flaw in the ObjectId validation regular expression can enable attackers to inject arbitrary information into a given BSON object.

References

sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
seclists.org/oss-sec/2015/q2/653
github.com/mongoid/moped/commit/276fbfd23c5ffb65e6bd18d564c8b6878c2498ac
github.com/mongoid/moped/commit/fdaf918995526c1554d304af2da9f04c69187402

Code Behaviors & Features

Detect and mitigate CVE-2015-4410 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →