  1. Core Server
  2. SERVER-50605

Add {logMessage: "msg"} test-only command


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.7.0, 4.4.2, 4.2.11, 3.6.21, 4.0.22
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Backport Requested:
      v4.4, v4.2, v4.0, v3.6
    • Sprint:
      Security 2020-09-07

      Description

      CVE ID: CVE-2021-20333

      Title: Server log entry spoofing via newline injection

      Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or in log entries being split.

      CVSSv3: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

      CWE ID: CWE-117: Improper Output Neutralization for Logs

      Affected products: mongod and mongos servers

      Affected versions: 4.2.0-4.2.10, 4.0.0-4.0.21, 3.6.0-3.6.20

      Fixes available: 4.2.11+, 4.0.22+, 3.6.21+, as well as all releases from 4.4.0 onwards

      Discovery: Internally
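
The flaw class named above (CWE-117, newline injection into a line-oriented log), shown as an added C++ example that is not MongoDB source code. The log line layout, the function names and the sample input are assumptions constructed for illustration; the block compares writing a client-supplied string verbatim with escaping control characters first.

```cpp
// Added illustration of CWE-117; not MongoDB source code and not its log format.
#include <cstddef>
#include <cstdio>
#include <string>

// Escape characters that could end or forge a line in a line-oriented log.
// The backslash is escaped too, so escaped output stays unambiguous.
std::string neutralize(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        if (c == '\\') {
            out += "\\\\";
        } else if (c == '\n') {
            out += "\\n";
        } else if (c == '\r') {
            out += "\\r";
        } else if (c < 0x20 || c == 0x7f) {
            char buf[8];
            std::snprintf(buf, sizeof buf, "\\x%02x", c);  // other control bytes
            out += buf;
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical log line layout: "<timestamp> <severity> <message>\n".
std::string formatUnsafe(const std::string& msg) {
    return "2020-09-07T00:00:00Z I " + msg + "\n";  // message written verbatim
}
std::string formatSafe(const std::string& msg) {
    return "2020-09-07T00:00:00Z I " + neutralize(msg) + "\n";
}

// Number of entries a line-based log reader would see in the output.
std::size_t countEntries(const std::string& log) {
    std::size_t n = 0;
    for (char c : log) if (c == '\n') ++n;
    return n;
}

// Constructed input: a client-supplied string carrying an embedded newline.
const std::string kSample = "command failed\n2020-09-07T00:00:01Z I forged entry";

int main() {
    std::printf("unsafe: %zu entries\n", countEntries(formatUnsafe(kSample)));
    std::printf("safe:   %zu entries\n", countEntries(formatSafe(kSample)));
    std::fputs(formatSafe(kSample).c_str(), stdout);
}
```
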


            People

            Assignee:
            sara.golemon Sara Golemon
            Reporter:
            sara.golemon Sara Golemon
