Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.

Affected Packages

npm bson

Affected versions: 0 (fixed in 1.1.4)

Related CVEs

CVE-2019-2391

Key Information

GHSA ID

GHSA-4jwp-vfvf-657p

Published

February 10, 2022 11:30 PM

Last Modified

June 20, 2023 2:22 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

bson

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 7, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.