Description
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
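The behaviour described above, as an added example that is not code from the bson package or from this advisory: a simplified model of a serializer's type dispatch in which an unrecognized `_bsontype` falls through to the document branch, next to a strict variant that rejects it and a scan that flags `_bsontype` keys in parsed untrusted JSON. `KNOWN_TYPES`, all function names and the sample input are assumptions constructed for illustration.

```javascript
// Simplified model only; NOT the bson package's serializer.
// KNOWN_TYPES is an illustrative subset of type tags (assumption).
const KNOWN_TYPES = new Set(['ObjectID', 'Long', 'Binary', 'Decimal128', 'Timestamp']);

function isObject(v) { return v !== null && typeof v === 'object'; }

// Lenient dispatch: an unknown _bsontype is ignored, so the value is
// treated as a plain document (the behaviour the advisory describes).
function classifyLenient(value) {
  if (!isObject(value)) return 'primitive';
  if (KNOWN_TYPES.has(value._bsontype)) return value._bsontype;
  return 'document';
}

// Strict dispatch: a _bsontype that is present but unrecognized is an error.
function classifyStrict(value) {
  if (!isObject(value)) return 'primitive';
  if (value._bsontype === undefined) return 'document';
  if (KNOWN_TYPES.has(value._bsontype)) return value._bsontype;
  throw new TypeError('unrecognized _bsontype: ' + String(value._bsontype));
}

// Defensive input check: list every path in parsed, untrusted JSON that
// carries a _bsontype key, so a request handler can reject the payload.
function findBsonTypeKeys(node, path = '$', hits = []) {
  if (!isObject(node)) return hits;
  for (const key of Object.keys(node)) {
    const child = path + '.' + key;
    if (key === '_bsontype') hits.push(child);
    findBsonTypeKeys(node[key], child, hits);
  }
  return hits;
}

// Constructed sample input (not taken from the advisory).
const SAMPLE = JSON.parse(
  '{"user":"alice","id":{"_bsontype":"NotARealType","value":"abc"}}');

function demo() {
  let strict;
  try { strict = classifyStrict(SAMPLE.id); }
  catch (e) { strict = 'rejected: ' + e.message; }
  return { lenient: classifyLenient(SAMPLE.id), strict,
           paths: findBsonTypeKeys(SAMPLE) };
}

console.log(demo());
```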
Remediation
References
https://snyk.io/vuln/SNYK-JS-BSON-561052