Search CVE reports
1 – 4 of 4 results
CVE-2021-32050
Medium prioritySome MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific...
3 affected packages
mongo-c-driver, node-mongodb, php-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mongo-c-driver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
node-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
php-mongodb | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-2391
Medium priorityIncorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library...
1 affected packages
node-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-mongodb | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2020-7610
Medium priorityAll versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the...
1 affected packages
node-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-mongodb | Not affected | Not affected | Needs evaluation | Not in release | Not in release |
CVE-2018-13863
Unknown priorityThe MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when...
1 affected packages
node-mongodb
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-mongodb | — | — | Not affected | Not in release | Not in release |