PT-2020-2039 · MongoDB · bson

Xiaofen9 · Published 2020-03-23 · Updated 2021-05-07 · CVE-2020-7610

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: bson versions prior to 1.1.4

Description: The issue is deserialization of untrusted data in the bson package. The package ignores an unknown value for an object's _bsontype, so the object is serialized as an ordinary document instead of the intended BSON type. This can potentially allow a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 1.1.4, update to version 1.1.4 or later. As a temporary workaround, restrict deserialization of untrusted data to minimize the risk of exploitation, and avoid using unknown or untrusted values for an object's _bsontype until the issue is resolved.
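The workaround above can be enforced with a pre-serialization guard. The following is an added example, not code from the advisory or from the bson project; the set of recognized `_bsontype` names is an assumption based on the type classes shipped with js-bson, and the sample input is constructed.

```javascript
// Added example (not from the advisory or the bson project): a guard that rejects
// untrusted input carrying an unknown `_bsontype`, the condition the advisory
// describes for bson < 1.1.4. The type-name list is an assumption based on the
// js-bson type classes, not taken from the advisory page.
const KNOWN_BSON_TYPES = new Set([
  'Binary', 'Code', 'DBRef', 'Decimal128', 'Double', 'Int32', 'Long',
  'MaxKey', 'MinKey', 'ObjectID', 'ObjectId', 'BSONRegExp', 'Symbol', 'Timestamp',
]);

// Walk a plain-object tree and collect the paths whose `_bsontype` is not a
// recognized string. A vulnerable bson version would silently encode such an
// object as an ordinary document; here it is reported so the caller can refuse it.
function findUnknownBsonTypes(value, path = '$', out = []) {
  if (value === null || typeof value !== 'object') return out;
  if (Array.isArray(value)) {
    value.forEach((v, i) => findUnknownBsonTypes(v, `${path}[${i}]`, out));
    return out;
  }
  if (Object.prototype.hasOwnProperty.call(value, '_bsontype')) {
    const t = value._bsontype;
    if (typeof t !== 'string' || !KNOWN_BSON_TYPES.has(t)) {
      out.push({ path, bsontype: t });
    }
    return out; // a typed value's fields are not user documents; stop descending
  }
  for (const [k, v] of Object.entries(value)) {
    findUnknownBsonTypes(v, `${path}.${k}`, out);
  }
  return out;
}

// Throws before the document would reach BSON.serialize(); returns it unchanged if clean.
function assertSafeForBson(doc) {
  const bad = findUnknownBsonTypes(doc);
  if (bad.length > 0) {
    const where = bad.map((b) => `${b.path} (${JSON.stringify(b.bsontype)})`).join(', ');
    throw new TypeError(`refusing to serialize: unknown _bsontype at ${where}`);
  }
  return doc;
}

// Constructed sample input: a JSON body as an untrusted client might send it.
const untrusted = JSON.parse(
  '{"user":"alice","prefs":{"_bsontype":"NotAType","x":1},' +
  '"tags":[{"_bsontype":"Int32","value":3}]}'
);
```

For input that arrives as JSON from a client, a stricter policy is to reject any `_bsontype` key at all, since legitimate BSON type values are constructed server-side rather than parsed from the wire.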

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

BDU:2020-01664
CVE-2020-7610
GHSA-V8W9-2789-6HHR
SNYK-JS-BSON-561052

Affected Products

Bson