Matt Broadstone

1 exploit Active since Jul 2018
CVE-2018-13863 WRITEUP HIGH WRITEUP
mongodb/js-bson 0.5.0-1.0.4 - Regular Expression Denial of Service in Decimal128.fromString()
The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.
CVSS 7.5