Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines
Vulnerability Description
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryptd binary (v5.0 versions prior to 5.0.29, v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) and mongo_crypt_v1.so shared libraries (v6.0 versions prior to 6.0.17, v7.0 versions prior to 7.0.12 and v7.3 versions prior to 7.3.4) released alongside MongoDB Enterprise Server versions.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
敏感数据的明文传输
Vulnerability Title
MongoDB mongocryptd和MongoDB Mongo_crypt_v1.so 安全漏洞
Vulnerability Description
MongoDB mongocryptd和MongoDB Mongo_crypt_v1.so都是美国MongoDB公司的产品。MongoDB mongocryptd是一个客户端加密库。MongoDB Mongo_crypt_v1.so是一个自动加密共享库,用于执行加密和解密操作。 MongoDB mongocryptd和MongoDB Mongo_crypt_v1.so存在安全漏洞,该漏洞源于某些查询分析中的错误,可能导致加密字段表达式中的字面值以明文形式而非密文形式发送到服务器。以下产品及版本受到影响:m
CVSS Information
N/A
Vulnerability Type
N/A