Description
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
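A pre-serialization guard for the condition described above, as an added example that is not code from the bson package or from this advisory: it walks a value and reports any _bsontype that is not on an allow-list, so the object is rejected instead of being encoded as a plain document. The function names, the allow-list contents and the sample input are assumptions made for illustration.

```javascript
'use strict';

// Assumed allow-list of BSON type tags; adjust it to the bson version in use.
const KNOWN_BSON_TYPES = new Set([
  'Binary', 'BSONRegExp', 'Code', 'DBRef', 'Decimal128', 'Double', 'Int32',
  'Long', 'MaxKey', 'MinKey', 'ObjectID', 'ObjectId', 'Symbol', 'Timestamp',
]);

// Constructed sample: untrusted JSON carrying a _bsontype value that no BSON type uses.
const SAMPLE_UNTRUSTED = JSON.parse(
  '{"user":"a","filter":{"_id":{"_bsontype":"ObjectIDx","id":"0123"}}}'
);

// Returns the path of the first _bsontype (own or inherited) whose value is not
// an allow-listed string, or null when none is found. `seen` guards against cycles.
function findInvalidBsonType(value, path = '$', seen = new Set()) {
  if (value === null || typeof value !== 'object' || seen.has(value)) return null;
  seen.add(value);
  const tag = value._bsontype;
  if (tag !== undefined && !(typeof tag === 'string' && KNOWN_BSON_TYPES.has(tag))) {
    return `${path}._bsontype`;
  }
  for (const key of Object.keys(value)) {
    const hit = findInvalidBsonType(value[key], `${path}.${key}`, seen);
    if (hit) return hit;
  }
  return null;
}

// Call before handing a document to the serializer: throws rather than letting
// a mistyped object fall through to plain-document encoding.
function assertSerializable(doc) {
  const hit = findInvalidBsonType(doc);
  if (hit) throw new TypeError(`Unrecognized or invalid _bsontype at ${hit}`);
  return doc;
}
```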
Remediation
References
https://snyk.io/vuln/SNYK-JS-BSON-561052