Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Jun 2015 17:58:14 -0700
From: Phill MV <>
Subject: CVE Request: bson-ruby DoS and possible injection


Egor Homakov recently disclosed a vulnerability in the `bson` rubygem as
seen here:

Could we please get a CVE?

By submitting a specially crafted string to a service relying on the bson
rubygem, an attacker may trigger denials of service or even inject data
into victim's MongoDB instances.

Users are advised to update to versions >= 3.0.4 of the `bson` rubygem.
Relevant commits can be seen here:

Phillip Mendonça-Vieira
@phillmv <>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ