github.com/mongodb/mongo-go-driver is vulnerable to improper input validation. A remote attacker could use a Go object with a specifically crafted string, to inject additional fields into marshalled documents due to the insufficient validations in BSON marshalling functions.