[SERVER-50605] Add {logMessage: "msg"} test-only command Created: 28/Aug/20 Updated: 29/Oct/23 Resolved: 01/Sep/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.7.0, 4.4.2, 4.2.11, 3.6.21, 4.0.22 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Sara Golemon | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Backport Requested: |
v4.4, v4.2, v4.0, v3.6
|
||||||||
| Sprint: | Security 2020-09-07 | ||||||||
| Participants: | |||||||||
| Description |
|
CVE ID: CVE-2021-20333 Title: Server log entry spoofing via newline injection Description: Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. CVSSv3: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CWE ID: CWE-117: Improper Output Neutralization for Logs Affected products: mongod and mongos servers Affected versions: 4.2.0-4.2.10, 4.0.0-4.0.21, 3.6.0-3.6.20 Fixes available: 4.2.11+, 4.0.22+, 3.6.21+, as well as all releases from 4.4.0 onwards Discovery: Internally |
| Comments |
| Comment by Githook User [ 22/Oct/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: (cherry picked from commit cbdf4deaa4ef4352750893ab0b4b276b86e3026f) |
| Comment by Githook User [ 22/Oct/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: (cherry picked from commit cbdf4deaa4ef4352750893ab0b4b276b86e3026f) |
| Comment by Githook User [ 21/Oct/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: Based on: Refactored to accomodate logv1 |
| Comment by Githook User [ 17/Sep/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |
| Comment by Githook User [ 17/Sep/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |
| Comment by Githook User [ 01/Sep/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |
| Comment by Githook User [ 01/Sep/20 ] |
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |