Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server log entry spoofing via newline injection
Vulnerability Description
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
日志输出的转义处理不恰当
Vulnerability Title
MongoDB Server 安全漏洞
Vulnerability Description
Mongodb Server是美国Mongodb公司的一套开源的NoSQL数据库。该数据库提供面向集合的存储、动态查询、数据复制及自动故障转移等功能。 MongoDB Server存在安全漏洞,该漏洞源于向MongoDB服务器发送特别制作的命令可能会导致生成人工日志条目或分割日志条目。
CVSS Information
N/A
Vulnerability Type
N/A