The bson package, an implementation of the BSON binary serialization format, has two early versions, 0.0.3 and 0.0.4, of interest to developers working with Node.js and potentially browser environments. Version 0.0.3, released in April 2011, serves as a foundational BSON library for Node.js, providing core serialization and deserialization capabilities. It has no listed dependencies or development dependencies, suggesting a lean and focused implementation. The repository URL points to '0ctave/node-bson', indicating an earlier location for the project's codebase.
Version 0.0.4, released a year later in April 2012, builds upon this foundation with enhancements targeting both Node.js and browser compatibility. This version's description explicitly states its suitability for both environments. A key difference lies in the introduction of development dependencies: 'gleak' for memory leak detection and 'nodeunit' for unit testing. This signals a greater emphasis on code quality and stability in version 0.0.4. Furthermore, the repository URL changes to 'christkv/bson', reflecting a potential change in maintainership or repository organization. While both versions are relatively old, developers seeking a lightweight BSON parser for legacy projects might find them useful. Version 0.0.4 is preferable due to its testing and browser compatibility claims, although both should undergo thorough evaluation before deployment.
All vulnerabilities related to version 0.0.4 of the package
Deserialization of Untrusted Data in bson
Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.
Deserialization of Untrusted Data in bson
All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.
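One way an application can guard against the _bsontype issue described above while it still runs a bson release older than 1.1.4 is to reject untrusted JSON that carries a _bsontype key before it reaches the serializer. This is an added example, not code from the bson project; the function names and sample inputs are constructed for illustration.

```javascript
// Added example (not from the bson project): refuse client-supplied
// documents that contain a _bsontype key at any depth, so the serializer
// never sees an object that claims a BSON type it does not have.

const FORBIDDEN_KEY = '_bsontype';

// Walk a JSON-decoded value and collect the path of every _bsontype key.
function findBsontypePaths(value, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findBsontypePaths(item, `${path}[${i}]`, found));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      const childPath = `${path}.${key}`;
      if (key === FORBIDDEN_KEY) found.push(childPath);
      findBsontypePaths(value[key], childPath, found);
    }
  }
  return found;
}

// Parse untrusted JSON text; throw if any object inside declares _bsontype.
function parseUntrustedDocument(jsonText) {
  const doc = JSON.parse(jsonText);
  const hits = findBsontypePaths(doc);
  if (hits.length > 0) {
    throw new Error(`rejected: ${FORBIDDEN_KEY} present at ${hits.join(', ')}`);
  }
  return doc;
}

// Constructed sample inputs, standing in for request bodies.
const SAMPLE_OK = '{"user":"alice","tags":["a","b"]}';
const SAMPLE_BAD =
  '{"user":"alice","filter":{"_bsontype":"constructed-unknown-type","value":1}}';

for (const [name, text] of [['ok', SAMPLE_OK], ['bad', SAMPLE_BAD]]) {
  try {
    parseUntrustedDocument(text);
    console.log(`${name}: accepted`);
  } catch (err) {
    console.log(`${name}: ${err.message}`);
  }
}
```

The guard belongs at the boundary where request data is decoded, before any value is handed to the BSON serializer; objects the application builds itself with the library's own types do not pass through it.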