CVE-2015-4412: rubygem-bson: data injection vulnerability through a crafted ObjectId

Severity: Critical

CVSS Score: 9.8

BSON injection vulnerability in the legal? function in BSON (bson-ruby) gem before 3.0.4 for Ruby allows remote attackers to cause a denial of service (resource consumption) or inject arbitrary data via a crafted string.