Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2015-4412

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.

Published: Feb 5, 2018
Updated: Nov 9, 2025
CVE: CVE-2015-4412
GHSA: GHSA-h6rj-8r3c-9gpj
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
bson_project / bson	3.0.3	3.0.3.x
bson	-	1.12.3
bson	2.0	3.0.4

http://www.openwall.com/lists/oss-security/2015/06/06/3
http://www.securityfocus.com/bid/75045
https://bugzilla.redhat.com/show_bug.cgi?id=1229750
https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999
https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7
https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo