<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-1923] BSON cstrings are not properly validated</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-1923</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
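                    <description>&lt;p&gt;Before this fix, BSON marshalling functions did not reject null bytes embedded in BSON key names or in the pattern/options fields of a BSON regex value. These fields are encoded as null-terminated cstrings, so a reader ends the field at the first null byte and interprets the bytes after it as the rest of the document. The marshalling functions now validate these fields and return an error if a BSON key name or the pattern/options field of a BSON regex value contains an embedded null byte.&lt;/p&gt;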
&lt;h1&gt;&lt;a name=&quot;CVEID%3ACVE202120329&quot;&gt;&lt;/a&gt;CVE ID: CVE-2021-20329&lt;/h1&gt;

&lt;p&gt;&lt;b&gt;Title&lt;/b&gt;: Specific cstrings input may not be properly validated in the MongoDB Go Driver&lt;br/&gt;
 &lt;b&gt;Description&lt;/b&gt;: Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with a specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB Go Driver versions up to (and including) 1.5.0.&lt;br/&gt;
 &lt;b&gt;CVSS score&lt;/b&gt;: 6.8&lt;br/&gt;
 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N&lt;br/&gt;
 &lt;b&gt;Affected products and versions&lt;/b&gt;: MongoDB Go Driver versions &amp;lt;= 1.5.0 (fixed in 1.5.1)&lt;br/&gt;
 &lt;b&gt;Underlying operating systems affected&lt;/b&gt;: All&lt;/p&gt;</description>
                <environment></environment>
        <key id="1650009">GODRIVER-1923</key>
            <summary>BSON cstrings are not properly validated</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="divjot.arora@mongodb.com">Divjot Arora</assignee>
                                    <reporter username="divjot.arora@mongodb.com">Divjot Arora</reporter>
                        <labels>
                    </labels>
                <created>Tue, 16 Mar 2021 15:28:50 +0000</created>
                <updated>Sat, 28 Oct 2023 11:37:52 +0000</updated>
                            <resolved>Mon, 29 Mar 2021 23:39:24 +0000</resolved>
                                                    <fixVersion>1.5.1</fixVersion>
                                                        <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3875760" author="xgen-internal-githook" created="Mon, 14 Jun 2021 13:45:09 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Isabella Siu&apos;, &apos;email&apos;: &apos;isabella.siu@mongodb.com&apos;, &apos;username&apos;: &apos;iwysiu&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1923&quot; title=&quot;BSON cstrings are not properly validated&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1923&quot;&gt;&lt;del&gt;GODRIVER-1923&lt;/del&gt;&lt;/a&gt; Error if BSON cstrings contain null bytes (#622) (#684)&lt;/p&gt;

&lt;p&gt;Co-authored-by: Divjot Arora &amp;lt;divjot.arora@10gen.com&amp;gt;&lt;br/&gt;
Branch: release/1.3&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/98af5b4c5e755de06855976b05bed45b44b2d24a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/98af5b4c5e755de06855976b05bed45b44b2d24a&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3872073" author="xgen-internal-githook" created="Thu, 10 Jun 2021 21:50:07 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Divjot Arora&apos;, &apos;email&apos;: &apos;divjot.arora@10gen.com&apos;, &apos;username&apos;: &apos;divjotarora&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1923&quot; title=&quot;BSON cstrings are not properly validated&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1923&quot;&gt;&lt;del&gt;GODRIVER-1923&lt;/del&gt;&lt;/a&gt; Error if BSON cstrings contain null bytes (#622)&lt;br/&gt;
Branch: release/1.4&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/4436297cc5371974a7f0aa5f0b0474ad2501ca35&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/4436297cc5371974a7f0aa5f0b0474ad2501ca35&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3690336" author="xgen-internal-githook" created="Mon, 29 Mar 2021 23:39:13 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Divjot Arora&apos;, &apos;email&apos;: &apos;divjot.arora@10gen.com&apos;, &apos;username&apos;: &apos;divjotarora&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1923&quot; title=&quot;BSON cstrings are not properly validated&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1923&quot;&gt;&lt;del&gt;GODRIVER-1923&lt;/del&gt;&lt;/a&gt; Error if BSON cstrings contain null bytes (#622)&lt;br/&gt;
Branch: release/1.5&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/3a89e6cde18d6ac5d38f39b54eaa8d4e321fd118&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3690333" author="xgen-internal-githook" created="Mon, 29 Mar 2021 23:38:19 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Divjot Arora&apos;, &apos;email&apos;: &apos;divjot.arora@10gen.com&apos;, &apos;username&apos;: &apos;divjotarora&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-1923&quot; title=&quot;BSON cstrings are not properly validated&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-1923&quot;&gt;&lt;del&gt;GODRIVER-1923&lt;/del&gt;&lt;/a&gt; Error if BSON cstrings contain null bytes (#622)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/2aca31d5986a9e1c65a92264736de9fdc3b9b4ca&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3682953" author="divjot.arora" created="Thu, 25 Mar 2021 00:58:14 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/622&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/622&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="1821014">GODRIVER-2083</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hx45zb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>