cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-0437,https://securityvulnerability.io/vulnerability/CVE-2023-0437,MongoDB client C Driver may infinitely loop when validating certain BSON input data,"An issue has been identified within the MongoDB C Driver where the bson_utf8_validate function may enter an infinite loop when processing certain inputs. This situation arises due to a specific exit condition that cannot be met, leading to prolonged resource usage and potential service disruptions. All versions prior to 1.25.0 of the MongoDB C Driver are impacted, necessitating immediate updates to prevent exploitation of this vulnerability.",MongoDB,Mongodb C Driver,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-01-12T13:33:39.503Z,0
CVE-2021-32050,https://securityvulnerability.io/vulnerability/CVE-2021-32050,Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application,"Certain MongoDB Drivers may mistakenly expose sensitive authentication data through a command listener that can be configured by applications. When specific authentication commands are executed, this information is published as events. If an application has the command listener feature enabled-a setting that is not activated by default-it may inadvertently log this sensitive information, posing a significant risk of data exposure. Users are encouraged to review product versions and implement protections accordingly.",MongoDB,"Mongodb C Driver,Mongodb C++ Driver,Mongodb PHP Driver,Mongodb Swift Driver,Mongodb Node.js Driver",7.5,HIGH,0.0019099999917671084,false,,false,false,false,,,false,false,,2023-08-29T15:24:30.389Z,0
CVE-2021-20331,https://securityvulnerability.io/vulnerability/CVE-2021-20331,MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application,"Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as ""saslStart"", ""saslContinue"", ""isMaster"", ""createUser"", and ""updateUser"" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1.",MongoDB,Mongodb C# Driver,4.9,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-05-13T08:15:00.000Z,0