Major - P3
Issue Status as of Aug 08, 2014
Using a specially crafted message, a remote user could obtain a limited amount of information from the server heap memory.
Potentially sensitive information could be disclosed from the server.
Implement MongoDB Security Best Practices and ensure access to the database server is restricted.
MongoDB production releases up to 2.6.3 are affected by this issue.
The fix is included in the 2.6.4 production release.
The response sent by the server returns only validated data.