Candidate: CVE-2018-13863
PublicDate: 2018-07-10 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13863
 https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a (1.0.5)
Description:
 The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0
 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of
 Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the
 Decimal128.fromString() function is called to parse a long untrusted
 string.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_node-mongodb:
upstream_node-mongodb: released (3.1.10+~3.1.9-1)
precise/esm_node-mongodb: DNE
trusty_node-mongodb: ignored (out of standard support)
trusty/esm_node-mongodb: DNE
xenial_node-mongodb: DNE
bionic_node-mongodb: DNE
focal_node-mongodb: not-affected (3.5.5+~3.2.7-1)
devel_node-mongodb: not-affected