[CSHARP-4475] Add an AllowedTypes filter to ObjectSerializer Created: 05/Jan/23 Updated: 24/Jan/24 Resolved: 26/Jan/23 |
|
| Status: | Closed |
| Project: | C# Driver |
| Component/s: | Serialization |
| Affects Version/s: | 2.18.0 |
| Fix Version/s: | 2.19.0 |
| Type: | Improvement | Priority: | Unknown |
| Reporter: | Robert Stam | Assignee: | Robert Stam |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: |
| Backwards Compatibility: | Minor Change |
| Description |
|
CVE-2022-48282
Title: Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution
CVE ID: CVE-2022-48282
Description: This issue's CVSS:3.1 severity is scored at 6.6 using the following scoring metrics:
All Affected Product Versions: All MongoDB .NET/C# Driver versions prior to and including v2.18.0
CWE: CWE-502: Deserialization of Untrusted Data
Is a Fixed Version Available?: MongoDB .NET/C# Driver v2.19.0
How was the Issue Found? (Internally/Externally): Externally
Internal Jira Reference:
Required Configuration for Exposure (Optional): |
| Comments |
| Comment by Githook User [ 21/Feb/23 ] |
|
Author: {'name': 'James Kovacs', 'email': 'jkovacs@post.harvard.edu', 'username': 'JamesKovacs'}
Message: |
| Comment by Githook User [ 26/Jan/23 ] |
|
Author: {'name': 'rstam', 'email': 'robert@robertstam.org', 'username': 'rstam'}
Message: |