What is CVE-2018-13863?

CVE-2018-13863 is a vulnerability in the MongoDB bson JavaScript module (js-bson), versions 0.5.0 to 1.0.x before 1.0.5, that allows for a Regular Expression Denial of Service (ReDoS) in the lib/bson/decimal128.js file.

What is the severity of CVE-2018-13863?

The severity of CVE-2018-13863 is high with a CVSS severity score of 7.5.

How does CVE-2018-13863 affect the software?

CVE-2018-13863 affects the MongoDB bson JavaScript module (js-bson) versions 0.5.0 to 1.0.x before 1.0.5, as well as the Mongodb Js-bson package.

What is the fix for CVE-2018-13863?

The fix for CVE-2018-13863 is to update the affected software to version 1.0.5 or later.

Is there any additional information about CVE-2018-13863?

Yes, you can find more information about CVE-2018-13863 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-13863), [GitHub Commit](https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a), [GitHub Advisory](https://github.com/advisories/GHSA-8462-q7x7-g2x4).

Vulnerability/
CVE-2018-13863

high

7.5

CWE

185 400

10/7/2018

17/9/2018

3/10/2022

5/8/2024

CVE-2018-13863

First published: Tue Jul 10 2018(Updated: )

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Mongodb Js-bson	>=0.5.0<1.0.5

Remedy

https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-13863?
CVE-2018-13863 is a vulnerability in the MongoDB bson JavaScript module (js-bson), versions 0.5.0 to 1.0.x before 1.0.5, that allows for a Regular Expression Denial of Service (ReDoS) in the lib/bson/decimal128.js file.
What is the severity of CVE-2018-13863?
The severity of CVE-2018-13863 is high with a CVSS severity score of 7.5.
How does CVE-2018-13863 affect the software?
CVE-2018-13863 affects the MongoDB bson JavaScript module (js-bson) versions 0.5.0 to 1.0.x before 1.0.5, as well as the Mongodb Js-bson package.
What is the fix for CVE-2018-13863?
The fix for CVE-2018-13863 is to update the affected software to version 1.0.5 or later.
Is there any additional information about CVE-2018-13863?
Yes, you can find more information about CVE-2018-13863 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-13863), [GitHub Commit](https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a), [GitHub Advisory](https://github.com/advisories/GHSA-8462-q7x7-g2x4).

collector/github-advisory-latest
alias/GHSA-8462-q7x7-g2x4
alias/CVE-2018-13863
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/description
agent/event
agent/first-publish-date
agent/remedy
agent/softwarecombine
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
package-manager/npm
vendor/mongodb
canonical/mongodb js-bson
version/mongodb js-bson/0.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.