[SERVER-50605] Add {logMessage: "msg"} test-only command - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.7.0, 4.4.2, 4.2.11, 3.6.21, 4.0.22
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Backport Requested:

v4.4, v4.2, v4.0, v3.6
Sprint:
Security 2020-09-07

Description

CVE ID: CVE-2021-20333

Title: Server log entry spoofing via newline injection

Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split.

CVSSv3: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE ID: CWE-117: Improper Output Neutralization for Logs

Affected products: mongod and mongos servers

Affected versions: 4.2.0-4.2.10, 4.0.0-4.0.21, 3.6.0-3.6.20

Fixes available: 4.2.11+, 4.0.22+, 3.6.21+, as well as all releases from 4.4.0 onwards

Discovery: Internally

Attachments

Activity

People

Assignee:: Sara Golemon

Reporter:: Sara Golemon

Participants:: Githook User, Sara Golemon

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: Aug 28 2020 02:51:15 PM UTC

Updated:: Jul 23 2021 11:23:37 AM UTC

Resolved:: Sep 01 2020 05:04:36 PM UTC