
bson@1.0.9 vulnerability issue with acl@0.4.11 #286

@khadeamolm

Description

The acl@0.4.11 module depends on mongodb@2.2.36 and mongodb-core@2.1.20. Both of these mongodb-related modules depend on bson@1.0.9.
The vulnerability below was found in bson version 1.0.9, which is currently used in acl@0.4.11 through the mongodb modules.
This bson-related vulnerability has been fixed in the latest versions of the mongodb and mongodb-core modules.
The acl module needs to fix this bson-related vulnerability by consuming the latest versions of the mongodb and mongodb-core modules.

Name: CVE-2020-7610
Library: bson-1.0.9.tgz
Library Paths:
/node_modules/acl/node_modules/bson/package.json
Severity: HIGH
Description: All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type
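The failure mode in the advisory above is that bson 1.0.9 accepts an object whose `_bsontype` is not one it recognises and quietly serializes it as an ordinary document, while bson 1.1.4 and later refuse it. Until the dependency chain is upgraded, the same refusal can be enforced at the application boundary. The following is an added example, not code from the acl, mongodb or bson projects: a walker that flags `_bsontype` markers in a parsed request body before it reaches the driver. The allow-list of type names is assumed from the markers bson 1.x handles specially, the function names (`findBsonTypeMarkers`, `assertNoUnknownBsonTypes`) are this example's own, and the sample body is constructed for the demonstration.

```javascript
'use strict';

// Assumed allow-list of _bsontype markers that bson 1.x serializes as a
// special type. Adjust to the bson version actually installed.
const KNOWN_BSON_TYPES = new Set([
  'Binary', 'Code', 'DBRef', 'Decimal128', 'Double', 'Int32', 'Long',
  'MaxKey', 'MinKey', 'ObjectID', 'ObjectId', 'BSONRegExp', 'Symbol', 'Timestamp',
]);

// Walk a parsed document and collect every object carrying a _bsontype key.
// Default mode reports only markers whose value is NOT in KNOWN_BSON_TYPES,
// i.e. exactly the case bson 1.0.9 silently turns into a plain document.
// With { strict: true } every marker is reported: JSON arriving from a client
// has no legitimate reason to carry one at all.
function findBsonTypeMarkers(value, { strict = false } = {}) {
  const found = [];
  const seen = new WeakSet(); // guards against cyclic input

  function walk(node, path) {
    if (node === null || typeof node !== 'object') return;
    if (seen.has(node)) return;
    seen.add(node);

    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, `${path}[${i}]`));
      return;
    }

    // hasOwnProperty, not `in`, so inherited properties are not mistaken for a marker
    if (Object.prototype.hasOwnProperty.call(node, '_bsontype')) {
      const type = node._bsontype;
      if (strict || typeof type !== 'string' || !KNOWN_BSON_TYPES.has(type)) {
        found.push({ path, type });
      }
    }

    for (const [key, child] of Object.entries(node)) {
      walk(child, `${path}.${key}`);
    }
  }

  walk(value, '$');
  return found;
}

// Gate to run on untrusted bodies before they are handed to the driver.
// Throws instead of letting the marker through, mirroring what bson >= 1.1.4 does.
function assertNoUnknownBsonTypes(doc, options) {
  const bad = findBsonTypeMarkers(doc, options);
  if (bad.length > 0) {
    const detail = bad
      .map((b) => `${b.path} (_bsontype=${JSON.stringify(b.type)})`)
      .join(', ');
    throw new TypeError(`rejected untrusted document: unexpected _bsontype at ${detail}`);
  }
  return doc;
}

// Constructed sample standing in for an attacker-controlled JSON request body:
// one unknown marker under "user", one known marker ("Long") inside an array.
const UNTRUSTED_BODY = JSON.parse(
  '{"user":{"_bsontype":"NotAType","x":1},' +
  '"list":[{"_bsontype":"Long","low_":0,"high_":0}]}'
);

// Usage: default mode flags only the unknown marker; strict mode flags both.
console.log(findBsonTypeMarkers(UNTRUSTED_BODY));
console.log(findBsonTypeMarkers(UNTRUSTED_BODY, { strict: true }));
try {
  assertNoUnknownBsonTypes(UNTRUSTED_BODY);
} catch (e) {
  console.log(e.message);
}
```

The default mode reproduces the exact condition the advisory describes; in practice a request-handling layer should run the strict mode, since any `_bsontype` key in client-supplied JSON is a sign the caller is trying to steer the serializer rather than send data.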
