Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 4 of 4 results

CVE-2021-32050

Medium priority
Needs evaluation

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific...

3 affected packages

mongo-c-driver, node-mongodb, php-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
mongo-c-driver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
node-mongodb Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
php-mongodb Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2019-2391

Medium priority
Needs evaluation

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library...

1 affected packages

node-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-mongodb Not affected Not affected Needs evaluation Not in release Not in release
Show less packages

CVE-2020-7610

Medium priority
Needs evaluation

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the...

1 affected packages

node-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-mongodb Not affected Not affected Needs evaluation Not in release Not in release
Show less packages

CVE-2018-13863

Unknown priority
Not affected

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when...

1 affected packages

node-mongodb

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
node-mongodb Not affected Not in release Not in release
Show less packages