CVE ID: CVE-2021-20333
Title: Server log entry spoofing via newline injection
Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split.
CVSSv3: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE ID: CWE-117: Improper Output Neutralization for Logs
Affected products: mongod and mongos servers
Affected versions: 4.2.0-4.2.10, 4.0.0-4.0.21, 3.6.0-3.6.20
Fixes available: 4.2.11+, 4.0.22+, 3.6.21+, as well as all releases from 4.4.0 onwards