Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0. Reference: https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20329
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2023:1409 https://access.redhat.com/errata/RHSA-2023:1409
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:1392 https://access.redhat.com/errata/RHSA-2023:1392
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:1504 https://access.redhat.com/errata/RHSA-2023:1504
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.9 Via RHSA-2023:1525 https://access.redhat.com/errata/RHSA-2023:1525
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:1656 https://access.redhat.com/errata/RHSA-2023:1656
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:1328 https://access.redhat.com/errata/RHSA-2023:1328
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.2 for RHEL 8 Via RHSA-2023:3645 https://access.redhat.com/errata/RHSA-2023:3645
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:4730 https://access.redhat.com/errata/RHSA-2023:4730
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5007 https://access.redhat.com/errata/RHSA-2023:5007
This issue has been addressed in the following products: RHEL-9-CNV-4.14 Via RHSA-2023:6817 https://access.redhat.com/errata/RHSA-2023:6817
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:0193 https://access.redhat.com/errata/RHSA-2024:0193