Eliot Horowitz discovered that MongoDB may fail to validate some instances of malformed BSON. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-1609) It was discovered that MongoDB read raw permissions from .dbshell history files. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6494) Travis Brown discovered that MongoDB may be unable to parse specially crafted UTF-8 strings in BSON requests. A remote attacker could possibly use this issue to cause MongoDB to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-20802)
Continue reading...
Continue reading...
