BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bson_project | bson | 3.0.3 |