Mongodb vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2022-04-21 CVE-2022-24272 Reachable Assertion vulnerability in Mongodb
An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database.
network
low complexity
mongodb CWE-617
4.0
2022-04-12 CVE-2021-32040 Out-of-bounds Write vulnerability in Mongodb
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage.
network
low complexity
mongodb CWE-787
5.0
2022-02-04 CVE-2021-32036 Allocation of Resources Without Limits or Throttling vulnerability in Mongodb
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at a high volume may lead to resource depletion or generate high lock contention.
network
low complexity
mongodb CWE-770
5.5
2022-01-20 CVE-2021-32039 Insufficiently Protected Credentials vulnerability in Mongodb
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file.
local
low complexity
mongodb CWE-522
2.1
2021-12-15 CVE-2021-20330 Improper Input Validation vulnerability in Mongodb
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries.
network
low complexity
mongodb CWE-20
4.0
2021-11-24 CVE-2021-32037 Reachable Assertion vulnerability in Mongodb 5.0.0/5.0.1/5.0.2
An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard.
network
low complexity
mongodb CWE-617
4.0
2021-08-02 CVE-2021-20332 Unspecified vulnerability in Mongodb Rust Driver
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created.
local
low complexity
mongodb
2.1
2021-07-23 CVE-2021-20333 Improper Encoding or Escaping of Output vulnerability in Mongodb
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in log entries being split.
network
low complexity
mongodb CWE-116
5.0
2021-06-10 CVE-2021-20329 Improper Input Validation vulnerability in Mongodb GO Driver
Specific cstring inputs may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON.
network
low complexity
mongodb CWE-20
4.0
2021-05-13 CVE-2021-20331 Information Exposure vulnerability in Mongodb C# Driver 2.11.0/2.12.0/2.12.1
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application.
network
mongodb CWE-200
3.5