www.mongodb.com
2600:9000:2490:4400:7:7859:3840:93a1  Public Scan

URL: https://www.mongodb.com/alerts
Submission: On December 19 via api from DE — Scanned from DE


Text Content




MONGODB ALERTS

This page lists critical alerts and advisories for MongoDB. See the MongoDB JIRA
for a comprehensive list of bugs and feature requests.




GENERAL

MONGODB SECURITY NOTICE



12/18/23 - 9:00 PM EST

We continue to find no evidence of unauthorized access to MongoDB Atlas clusters
or the Atlas cluster authentication system. Our investigation and work with the
relevant authorities is ongoing. MongoDB will update this alert page with
pertinent information as we further investigate the matter.

At this time, as a result of our investigation in collaboration with outside
experts, we have high confidence that we were victims of a phishing attack.
Through our investigation, we have identified certain information that may be
helpful to protect yourself against a potential attack by this unauthorized
party:

Indicators of Compromise (IOCs)

The unauthorized party used the Mullvad VPN. Mullvad has many external IP
addresses, and there are many VPNs that can be used to hide an IP address. In
this case, we saw malicious activity coming from the following IP addresses:


We recommend using the above information to search your networks for suspicious
activity. We are committed to being as transparent in this process as we can and
providing information so you can assess risk in your network.



In regards to our previous guidance, here are instructions on how to enable
phishing-resistant MFA on MongoDB’s native cloud authentication service. MongoDB
Cloud also supports federating your identity from your IDP, please see here.

We have fielded questions from some customers about the authenticity of the
e-mail titled: MongoDB Security Notice that our Chief Information Security
Officer, Lena Smart, sent over the weekend from mongodbteam@mail1.mongodb.com.
We can confirm that this email is legitimate.

12/17/23 - 9:00 PM EST

At this time, we have found no evidence of unauthorized access to MongoDB Atlas
clusters. To be clear, we have not identified any security vulnerability in any
MongoDB product as a result of this incident. It is important to note that
MongoDB Atlas cluster access is authenticated via a separate system from MongoDB
corporate systems, and we have found no evidence that the Atlas cluster
authentication system has been compromised.

We are aware of unauthorized access to some corporate systems that contain
customer names, phone numbers, and email addresses among other customer account
metadata, including system logs for one customer. We have notified the affected
customer. At this time, we have found no evidence that any other customers’
system logs were accessed.

We are continuing with our investigation, and are working with relevant
authorities and forensic firms. MongoDB will update this alert page with
additional information as we continue to investigate the matter.


12/16/2023 - 05:25 PM EST

We are experiencing a spike in login attempts resulting in issues for customers
attempting to log in to Atlas and our Support Portal. This is unrelated to the
security incident. Please try again in a few minutes if you are still having
trouble logging in. [The issue involving user login attempts has been resolved
as of 10:22 PM EST]

12/16/2023 - 03:00 PM EST

MongoDB is actively investigating a security incident involving unauthorized
access to certain MongoDB corporate systems, which includes exposure of customer
account metadata and contact information. We detected suspicious activity on
Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately
activated our incident response process, and believe that this unauthorized
access has been going on for some period of time before discovery. At this time,
we are not aware of any exposure to the data that customers store in MongoDB
Atlas. Nevertheless, we recommend that customers be vigilant for social
engineering and phishing attacks, activate phishing-resistant multi-factor
authentication (MFA), and regularly rotate their MongoDB Atlas passwords.
MongoDB will update this alert page with additional information as we continue
to investigate the matter.




DATA INTEGRITY RELATED

11/29/2023

An issue affecting inserts to Sharded Time Series collections can result in
inserted documents on these collections to be immediately orphaned, leading to
documents not being returned by queries and potential data loss.

Affects:

MongoDB Server

versions:

5.0.6 - 5.0.21
6.0.0 - 6.0.11
7.0.0 - 7.0.2


11/10/2023

A race condition in mongosync 1.5 can lead to some writes on the source not
being replicated to the destination. Upgrade to version 1.6 or later.

Affects:

Cluster-to-Cluster Sync (mongosync)

versions:

1.5.0


05/23/2023

A storage engine issue can cause inconsistent incremental Ops Manager and Cloud
Manager backups. Clusters restored from affected incremental backups can crash
with checksum errors. Atlas customers/backups are not affected.

Affects:

Ops Manager and Cloud Manager

versions:

4.4.8 - 4.4.21
5.0.2 - 5.0.17
6.0.0 - 6.0.5


03/14/2023

A storage engine bug in MongoDB running on ARM64 or POWER architectures may
store documents or index entries out of order, leading to inconsistencies and
improperly sorted or incomplete query results.

Affects:

MongoDB Server

versions:

4.2.0 - 4.2.23
4.4.0 - 4.4.18
5.0.0 - 5.0.14
6.0.0 - 6.0.4
6.1.0 - 6.2.0


09/19/2022

A MongoDB agent issue in Atlas, Ops Manager, and Cloud Manager can cause
automated "rolling index builds" to introduce index inconsistencies. MongoDB
clusters on other platforms are not affected.

Affects:

Atlas, Ops Manager, and Cloud Manager

versions:

MongoDB versions 4.2.19+, 4.4.13+, 5.0.6+, 5.1-5.3, and 6.0.0+ running on:
- Atlas - a fix has been released on Atlas, but clusters may have been impacted
in the past.
- Ops Manager versions 5.0.10-5.0.14 and 6.0.0-6.0.2
- Cloud Manager running MongoDB Agent version from 11.13.0.7438-1 to
12.4.0.7702-1


08/11/2022

A behavior change for improperly configured time-to-live (TTL) indexes can
suddenly expire documents when upgrading to MongoDB 5.0 or 6.0 from version 4.4
or earlier.

Affects:

MongoDB Server

versions:

5.0.X
6.0.X


08/10/2022

A sharding metadata bug in MongoDB versions 5.0.0-5.0.10 and 6.0.0 can introduce
corruption during a movePrimary command.

Affects:

MongoDB Server

versions:

5.0.0 - 5.0.10
6.0.0


11/12/2021

A storage engine bug in MongoDB 4.4.3 and 4.4.4 can introduce corruption when
upgrading to 4.4.8-4.4.10 or 5.0.2-5.0.5. It is safe to upgrade from versions
4.4.3 and 4.4.4 directly to 4.4.11+ or 5.0.6+

Affects:

MongoDB Server

versions:

4.4.3
4.4.4


09/22/2021

A storage engine bug in MongoDB 4.4.2-4.4.8, and 5.0.0-5.0.2 can cause
inconsistent data after an unclean shutdown and restart. Upgrade to version
4.4.9 or 5.0.3.

Affects:

MongoDB Server

versions:

4.4.2-4.4.8
5.0.0-5.0.2


09/22/2021

A storage engine bug in MongoDB 4.4.8 can cause inconsistent data after an
unclean shutdown and restart. Upgrade to version 4.4.9.

Affects:

MongoDB Server

versions:

4.4.8


08/06/2021

A storage engine bug in MongoDB 4.4.7, 5.0.0, and 5.0.1 allows some inserts to
violate unique index constraints. Upgrade to version 4.4.8 or 5.0.2.

Affects:

MongoDB Server

versions:

4.4.7
5.0.0
5.0.1


05/19/2021

A storage engine bug in MongoDB 4.4.5 causes crashes on startup and may cause
temporary query correctness issues. Upgrade to version 4.4.6.

Affects:

MongoDB Server

versions:

4.4.5


10/12/2020

Possible Corruption of Backup Snapshots on certain MongoDB 4.2+ Products

Affects:

MongoDB Server

versions:

4.2+


06/16/2020

A possible buffer overflow may cause in-memory corruption on MongoDB 4.2.7
with incremental backup enabled.

Affects:

MongoDB Server

versions:

4.2.7


01/09/2020

A memory management bug can cause lost documents and index inconsistencies on
replica set secondaries that restart during index builds.

Affects:

MongoDB Server

versions:

4.2.0
4.2.1


01/07/2020

When MongoDB recovers from an unclean shutdown, it is possible for the recovery
process to corrupt documents that have received size-changing updates.

Affects:

MongoDB Server

versions:

3.6.14
3.6.15


09/23/2019

A memory management bug can cause failed operations, process crashes, and
in-memory corruption of data that may be persisted to disk.

Affects:

MongoDB Server

versions:

4.2.0


02/22/2018

We have identified a bug in MongoDB Compass where modification or deletion of a
document through Compass may occur on a different document than expected under
certain specific conditions.

Affects:

Compass

versions:

1.3.x - 1.11.1


05/03/2016

While a background index build is in progress, document updates modifying fields
contained in the index specification may, under specific circumstances, cause
mismatched index entries to appear. This has an impact on queries that use
affected indexes.

Affects:

Indexing

versions:

3.0
3.2


03/30/2016

During chunk migrations, insert and update operations affecting data within a
migrating chunk are not reflected to the recipient shard, resulting in data
loss.

Affects:

Sharding

versions:

3.0.9
3.0.10


12/16/2015

In a replica set, if a secondary node is shut down cleanly while replicating
writes, the node may mark certain replicated operations as successfully applied
even though they have not.

Affects:

Replication

versions:

3.2.0


12/09/2015

A race condition in WiredTiger may prevent a write operation from becoming
immediately visible to subsequent read operations, which may result in various
problems, primarily impacting replication.

Affects:

WiredTiger

versions:

3.0.0 - 3.0.7


06/15/2015

Sharded clusters where the balancer is enabled (or there are manual chunk
migrations), containing WiredTiger nodes that may become primary, may lose
writes to a chunk being migrated if that chunk is under a heavy write load.

Affects:

Sharding

versions:

3.0.0 - 3.0.3


10/02/2014

MongoDB installations on certain 3.x Linux kernels running on VMWare and using
virtual SCSI disks managed by LVM may see corruption in namespace (.ns) files.

Affects:

Storage

versions:

2.4.11
2.6.4


08/03/2014

An update to a text-indexed field may fail to update the text index. As a
result, a text search may not match the field contents, yielding incorrect
search results.

Affects:

Text Search

versions:

2.4.0 - 2.4.10
2.6.0


01/01/2014

Under very rare circumstances mongos may incorrectly report a write as
successful.

Affects:

Sharding

versions:

2.2.0 - 2.2.6
2.4.0 - 2.4.8


10/21/2013

During a chunk migration in a sharded cluster, if one of the documents in the
chunk has a size in the range of 16,776,185 and 16,777,216 bytes (inclusive),
then some documents may be lost during the migration process

Affects:

Sharding

versions:

2.2.0 - 2.2.5
2.4.0 - 2.4.4


03/21/2013

Secondary indexes (i.e. all indexes other than _id) may be corrupted on an
initial sync if write operations are performed on the sync source during the
initial sync.

Affects:

Replication

versions:

2.4.0




OPERATIONS RELATED

10/29/2013

Caching of dbhash results may result in stale values, potentially causing
disagreement among sharded cluster config servers.

Affects:

MongoDB Server

versions:

2.4.7




SECURITY RELATED

11/07/2023
CVE-2023-0436
4.5

SECRET LOGGING MAY OCCUR IN DEBUG MODE OF ATLAS OPERATOR

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive
information...


Affects:

MongoDB Atlas Kubernetes Operator

versions:

1.5.0 affects 1.7.0 and prior versions


08/29/2023
CVE-2021-32050
4.2

SOME MONGODB DRIVERS MAY PUBLISH EVENTS CONTAINING AUTHENTICATION-RELATED DATA
TO A COMMAND LISTENER CONFIGURED BY AN APPLICATION

Some MongoDB Drivers may erroneously publish events containing
authentication-related data...


Affects:

MongoDB C Driver

versions:

1.0.0 affects versions prior to 1.17.7


08/23/2023
CVE-2023-1409
5.3

CERTIFICATE VALIDATION ISSUE IN MONGODB SERVER RUNNING ON WINDOWS OR MACOS

If the MongoDB Server running on Windows or macOS is configured to use TLS with
a specific...


Affects:

MongoDB Server

versions:

6.3 affects 6.3.2 and prior versions
5.0 affects 5.0.14 and prior versions
4.4 affects 4.4.23 and prior versions


08/08/2023
CVE-2023-4009
7.2

PRIVILEGE ESCALATION FOR PROJECT OWNER AND PROJECT USER ADMIN ROLES IN OPS
MANAGER

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is
possible for an...


Affects:

MongoDB Ops Manager

versions:

6.0 affects versions prior to 6.0.17
5.0 affects versions prior to 5.0.22


06/09/2023
CVE-2023-0342
3.1

MONGODB OPS MANAGER MAY DISCLOSE SENSITIVE INFORMATION IN DIAGNOSTIC ARCHIVE

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file
password app...


Affects:

MongoDB Ops Manager

versions:

v5.0 affects versions prior to 5.0.21
v6.0 affects versions prior to 6.0.12


02/21/2023
CVE-2022-48282
6.6

DESERIALIZING COMPROMISED OBJECT WITH MONGODB .NET/C# DRIVER MAY CAUSE REMOTE
CODE EXECUTION

Under very specific circumstances (see Required configuration section below), a
privileged...


Affects:

MongoDB .NET/C# Driver

versions:

0 affects v2.18.0 and prior versions


05/11/2022
CVE-2022-24272
6.5

MONGODB SERVER (MONGOD) MAY CRASH IN RESPONSE TO UNEXPECTED REQUESTS

An authenticated user may trigger an invariant assertion during command dispatch
due to in...


Affects:

MongoDB Server

versions:

5.0 affects 5.0.6 and prior versions


04/12/2022
CVE-2021-32040
6.5

LARGE AGGREGATION PIPELINES WITH A SPECIFIC STAGE CAN CRASH MONGOD UNDER DEFAULT
CONFIGURATION

It may be possible to have an extremely long aggregation pipeline in conjunction
with a sp...


Affects:

MongoDB Server

versions:

5.0 affects versions prior to 5.0.4
4.4 affects versions prior to 4.4.11
4.2 affects versions prior to 4.2.16


02/04/2022
CVE-2021-32036
5.4

DENIAL OF SERVICE AND DATA INTEGRITY VULNERABILITY IN FEATURES COMMAND

An authenticated user without any specific authorizations may be able to
repeatedly invoke...


Affects:

MongoDB Server

versions:

5.0 affects 5.0.3 and prior versions
4.4 affects 4.4.9 and prior versions
4.2 affects 4.2.16 and prior versions
4.0 affects 4.0.28 and prior versions


01/20/2022
CVE-2021-32039
5.5

MONGODB EXTENSION FOR VS CODE MAY UNEXPECTEDLY STORE CREDENTIALS LOCALLY IN
CLEAR TEXT

Users with appropriate file access may be able to access unencrypted user
credentials save...


Affects:

MongoDB for VS Code

versions:

MongoDB for VS Code affects 0.7.0 and prior versions


12/15/2021
CVE-2021-20330
6.5

SPECIFIC REPLICATION COMMAND WITH MALFORMED OPLOG ENTRIES CAN CRASH SECONDARIES

An attacker with basic CRUD permissions on a replicated collection can run the
applyOps co...


Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.27
4.2 affects versions prior to 4.2.16
4.4 affects versions prior to 4.4.9


11/24/2021
CVE-2021-32037
6.5

USER MAY TRIGGER INVARIANT WHEN ALLOWED TO SEND COMMANDS DIRECTLY TO SHARDS

An authorized user may trigger an invariant which may result in denial of
service or serve...


Affects:

MongoDB Server

versions:

5.0 affects 5.0.2 and prior versions


08/02/2021
CVE-2021-20332
4.2

MONGODB RUST DRIVER MAY PUBLISH EVENTS CONTAINING AUTHENTICATION-RELATED DATA TO
A CONNECTION POOL EVENT LISTENER CONFIGURED BY AN APPLICATION

Specific MongoDB Rust Driver versions can include credentials used by the
connection pool ...


Affects:

MongoDB Rust Driver

versions:

2.0.0-alpha
2.0.0-alpha1
1.0.0 affects 1.2.1 and prior versions


07/23/2021
CVE-2021-20333
5.3

SERVER LOG ENTRY SPOOFING VIA NEWLINE INJECTION

Sending specially crafted commands to a MongoDB Server may result in artificial
log entrie...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.20
4.0 affects versions prior to 4.0.21
4.2 affects versions prior to 4.2.10


06/10/2021
CVE-2021-20329
6.8

SPECIFIC CSTRINGS INPUT MAY NOT BE PROPERLY VALIDATED IN THE GO DRIVER

Specific cstrings input may not be properly validated in the MongoDB Go Driver
when marsha...


Affects:

MongoDB Go Driver

versions:

1.0 affects 1.5.0 and prior versions


05/24/2021
CVE-2021-20331
4.2

MONGODB C# DRIVER MAY PUBLISH EVENTS CONTAINING AUTHENTICATION-RELATED DATA TO A
COMMAND LISTENER CONFIGURED BY AN APPLICATION

Specific versions of the MongoDB C# Driver may erroneously publish events
containing authe...


Affects:

MongoDB C# Driver

versions:

2.12 affects 2.12.1 and prior versions


04/30/2021
CVE-2021-20326
6.5

SPECIALLY CRAFTED QUERY MAY RESULT IN A DENIAL OF SERVICE OF MONGOD

A user authorized to perform a specific type of find query may trigger a
denial of serv...


Affects:

MongoDB Server

versions:

4.4 affects versions prior to 4.4.4


04/12/2021
CVE-2020-7924
4.2

SPECIFIC COMMAND LINE PARAMETER MIGHT RESULT IN ACCEPTING INVALID CERTIFICATE

Usage of specific command line parameter in MongoDB Tools which was originally
intended to...


Affects:

MongoDB Database Tools

versions:

3.6.5 affects versions prior to 3.6*
4.0 affects versions prior to 4.0.21
4.2 affects versions prior to 4.2.11
100 affects versions prior to 100.2.0


04/06/2021
CVE-2021-20334
4.8

LOCAL PRIVILEGE ESCALATION IN MONGODB COMPASS FOR WINDOWS

A malicious 3rd party with local access to the Windows machine where MongoDB
Compass is in...


Affects:

MongoDB Compass

versions:

1.3.0 affects versions prior to 1.x*


02/26/2021
CVE-2020-7929
6.5

SPECIALLY CRAFTED REGEX QUERY CAN CAUSE DOS

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.21
4.0 affects versions prior to 4.0.20


02/26/2021
CVE-2018-25004
4.9

INVARIANT FAILURE WHEN EXPLAINING A FIND WITH A UUID

A user authorized to perform a specific type of query may trigger a denial of
service b...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.11
4.0 affects versions prior to 4.0.6


02/25/2021
CVE-2021-20327
6.4

MONGODB NODE.JS CLIENT SIDE FIELD LEVEL ENCRYPTION LIBRARY MAY NOT BE VALIDATING
KMS CERTIFICATE

A specific version of the Node.js mongodb-client-encryption module does not
perform correc...


Affects:

mongodb-client-encryption module

versions:

1.2.0


02/25/2021
CVE-2021-20328
6.4

MONGODB JAVA DRIVER CLIENT-SIDE FIELD LEVEL ENCRYPTION NOT VERIFYING KMS HOST
NAME

Specific versions of the Java driver that support client-side field level
encryption (CSFL...


Affects:

mongo-java-driver

versions:

3.11 affects 3.11.2 and prior versions
3.12 affects 3.12.7 and prior versions


02/11/2021
CVE-2021-20335
6.7

SSL MAY BE UNEXPECTEDLY DISABLED DURING UPGRADE OF MULTIPLE-SERVER MONGODB OPS
MANAGER

For MongoDB Ops Manager <= 4.2.24 with multiple OM application servers, that
have SSL turn...


Affects:

Ops Manager

versions:

4.2 affects 4.2.24 and prior versions


12/01/2020
CVE-2019-20924
6.5

INVARIANT IN INDEXBOUNDSBUILDER

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

4.2 affects versions prior to 4.2.2


11/30/2020
CVE-2020-7925
7.5

DENIAL OF SERVICE WHEN PROCESSING MALFORMED ROLE NAMES

Incorrect validation of user input in the role name parser may lead to use of
uninitialize...


Affects:

MongoDB Server

versions:

4.2 affects versions prior to 4.2.9
4.4 affects versions prior to 4.4.0-rc12


11/30/2020
CVE-2020-7926
6.5

SPECIFIC QUERY CAN CAUSE A DOS AGAINST MONGODB SERVER

A user authorized to perform database queries may cause denial of service by
issuing a spe...


Affects:

MongoDB Server

versions:

4.4 affects versions prior to 4.4.1


11/30/2020
CVE-2020-7927
8.1

POTENTIAL PRIVILEGE ESCALATION IN OPS MANAGER API

Specially crafted API calls may allow an authenticated user who holds
Organization Owner p...


Affects:

MongoDB Ops Manager

versions:

4.2 affects 4.2.17 and prior versions
4.3 affects 4.3.9 and prior versions
4.4 affects 4.4.2 and prior versions


11/30/2020
CVE-2019-2392
6.5

$MOD CAN RESULT IN UB

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.20
4.0 affects versions prior to 4.0.20
4.2 affects versions prior to 4.2.9
4.4 affects versions prior to 4.4.1


11/30/2020
CVE-2019-2393
6.5

CRASH WHILE JOINING COLLECTIONS WITH $LOOKUP

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.15
4.0 affects versions prior to 4.0.13
4.2 affects versions prior to 4.2.1


11/30/2020
CVE-2019-20923
6.5

CRASH WHILE HANDLING INTERNAL JAVASCRIPT EXCEPTION TYPES

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.7


11/30/2020
CVE-2018-20802
6.5

POST-AUTH QUERIES ON COMPOUND INDEX MAY CRASH MONGOD

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.9
4.0 affects versions prior to 4.0.3


11/30/2020
CVE-2018-20804
6.5

INVARIANT FAILURE IN APPLYOPS

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.13
4.0 affects versions prior to 4.0.10


11/30/2020
CVE-2018-20805
6.5

INVARIANT WITH $ELEMMATCH

A user authorized to perform database queries may trigger denial of service by
issuing spe...


Affects:

MongoDB Server

versions:

3.6 affects versions prior to 3.6.10
4.0 affects versions prior to 4.0.5


11/24/2020
CVE-2019-20925
7.5

DENIAL OF SERVICE VIA MALFORMED NETWORK PACKET

An unauthenticated client can trigger denial of service by issuing specially
crafted wire ...


Affects:

MongoDB Server

versions:

4.2 affects versions prior to 4.2.1
4.0 affects versions prior to 4.0.13
3.6 affects versions prior to 3.6.15
3.4 affects versions prior to 3.4.24


11/23/2020
CVE-2020-7928
6.5

IMPROPER NEUTRALIZATION OF NULL BYTE LEADS TO READ OVERRUN

A user authorized to perform database queries may trigger a read overrun and
access arbitr...

Affects:

MongoDB Server

versions:

4.4 affects versions prior to 4.4.1
4.2 affects versions prior to 4.2.9
4.0 affects versions prior to 4.0.20
3.6 affects versions prior to 3.6.20


Reference Link →
11/23/2020
CVE-2018-20803
6.5

INFINITE LOOP IN AGGREGATION EXPRESSION

A user authorized to perform database queries may trigger denial of service by
issuing spe...

Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.5
3.6 affects versions prior to 3.6.10
3.4 affects versions prior to 3.4.19


Reference Link →
08/21/2020
CVE-2020-7923
6.5

SPECIFIC GEOQUERY CAN CAUSE DOS AGAINST MONGODB SERVER

A user authorized to perform database queries may cause denial of service by
issuing speci...

Affects:

MongoDB Server

versions:

4.4 affects versions prior to 4.4.0-rc7
4.2 affects versions prior to 4.2.8
4.0 affects versions prior to 4.0.19


Reference Link →
05/13/2020
CVE-2019-2388
5.8

POTENTIAL EXPOSURE OF LOG INFORMATION IN OPS MANAGER

In affected Ops Manager versions there is an exposed HTTP route that may
allow attacke...

Affects:

Ops Manager

versions:

4.0.9
4.0.10
4.1.5


Reference Link →
05/06/2020
CVE-2020-7921
4.6

ADMINISTRATIVE ACTION MAY DISABLE ENFORCEMENT OF PER-USER IP WHITELISTING

Improper serialization of internal state in the authorization subsystem in
MongoDB Server'...

Affects:

MongoDB Server

versions:

4.2 affects versions prior to 4.2.3
4.0 affects versions prior to 4.0.15
3.6 affects versions prior to 3.6.18
4.3 affects versions prior to 4.3.3


Reference Link →
04/09/2020
CVE-2020-7922
6.4

KUBERNETES OPERATOR GENERATES POTENTIALLY INSECURE CERTIFICATES

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may
allow an at...

Affects:

MongoDB Enterprise Kubernetes Operator

versions:

1.0
1.1
1.2 affects 1.2.4 and prior versions
1.3 affects 1.3.1 and prior versions
1.4 affects 1.4.4 and prior versions


Reference Link →
03/31/2020
CVE-2019-2391
4.2

JS-BSON MAY INCORRECTLY SERIALISE SOME REQUESTS

Incorrect parsing of certain JSON input may result in js-bson not correctly
serializing BS...

Affects:

js-bson

versions:

1.0 affects 1.1.3 and prior versions


Reference Link →
08/30/2019
CVE-2019-2389
5.3

PROCESS TERMINATION VIA PID FILE MANIPULATION

Incorrect scoping of kill operations in MongoDB Server's packaged SysV init
scripts allow ...

Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.11
3.6 affects versions prior to 3.6.14
3.4 affects versions prior to 3.4.22


Reference Link →
08/30/2019
CVE-2019-2390
8.2

CODE EXECUTION ON WINDOWS VIA OPENSSL ENGINE INJECTION

An unprivileged user or program on Microsoft Windows which can create OpenSSL
configuratio...

Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.11
3.6 affects versions prior to 3.6.14
3.4 affects versions prior to 3.4.22


Reference Link →
08/06/2019
CVE-2019-2386
7.1

AUTHORIZATION SESSION CONFLATION

After user deletion in MongoDB Server the improper invalidation of authorization
sessions ...

Affects:

MongoDB Server

versions:

4.0 affects versions prior to 4.0.9
3.6 affects versions prior to 3.6.13
3.4 affects versions prior to 3.4.22


Reference Link →

© 2023 MongoDB, Inc.

About

 * Careers
 * Investor Relations
 * Legal Notices
 * Privacy Notices
 * Security Information
 * Trust Center

Support

 * Contact Us
 * Customer Portal
 * Atlas Status
 * Customer Support

Social

 * GitHub
 * Stack Overflow
 * LinkedIn
 * YouTube
 * Twitter
 * Twitch
 * Facebook

© 2023 MongoDB, Inc.





PRIVACY PREFERENCE CENTER

"Cookies" are small files that enable us to store information while you visit
one of our websites. When you visit any website, it may store or retrieve
information on your browser, mostly in the form of cookies. This information
might be about you, your preferences or your device and is mostly used to make
the site work as you expect it to. The information does not usually directly
identify you, but it can give you a more personalized web experience. Because we
respect your right to privacy, you can choose not to allow some types of
cookies, but essential cookies are always enabled. Click on the different
category headings to find out more and change our default settings. However,
blocking some types of cookies may impact your experience of the site and the
services we are able to offer.
MongoDB Privacy Policy
Allow All


MANAGE CONSENT PREFERENCES

STRICTLY NECESSARY COOKIES

Always Active

These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.

PERFORMANCE COOKIES

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.

FUNCTIONAL COOKIES

Functional Cookies

These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.

TARGETING COOKIES

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.

SOCIAL MEDIA COOKIES

Social Media Cookies

These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit. If you do not allow these cookies you may not be able
to use or see these sharing tools.


BACK BUTTON PERFORMANCE COOKIES



Vendor Search Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

Confirm My Choices


By clicking "Accept All Cookies", you agree to the storing of cookies on your
device to enhance site navigation, analyze site usage, and assist in our
marketing efforts. You can enable and disable optional cookies as desired.Read
our Privacy Policy

Manage Cookies Accept All Cookies