Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/mongodb/mongodb@1.0.0
Typecomposer
Namespacemongodb
Namemongodb
Version1.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.9.2
Latest_non_vulnerable_version1.9.2
Affected_by_vulnerabilities
0
url VCID-abn7-25mj-gfcq
vulnerability_id VCID-abn7-25mj-gfcq
summary 
MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
references
0
reference_url https://github.com/mongodb/mongo-php-driver/commit/4495de8313c0d313e4dde906fc7aedf998ee3748
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-php-driver/commit/4495de8313c0d313e4dde906fc7aedf998ee3748
1
reference_url https://github.com/mongodb/mongo-php-driver/pull/1235
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-php-driver/pull/1235
2
reference_url https://github.com/mongodb/mongo-swift-driver/pull/643
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-swift-driver/pull/643
3
reference_url https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0
reference_id
reference_type
scores
url https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0
4
reference_url https://jira.mongodb.org/browse/CDRIVER-3797
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/CDRIVER-3797
5
reference_url https://jira.mongodb.org/browse/CXX-2028
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/CXX-2028
6
reference_url https://jira.mongodb.org/browse/NODE-3356
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/NODE-3356
7
reference_url https://jira.mongodb.org/browse/PHPC-1869
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/PHPC-1869
8
reference_url https://jira.mongodb.org/browse/SWIFT-1229
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/SWIFT-1229
9
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
10
reference_url https://security.netapp.com/advisory/ntap-20231006-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231006-0001
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32050
reference_id CVE-2021-32050
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32050
12
reference_url https://github.com/advisories/GHSA-vxvm-qww3-2fh7
reference_id GHSA-vxvm-qww3-2fh7
reference_type
scores
url https://github.com/advisories/GHSA-vxvm-qww3-2fh7
fixed_packages
0
url pkg:composer/mongodb/mongodb@1.9.2
purl pkg:composer/mongodb/mongodb@1.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mongodb/mongodb@1.9.2
aliases CVE-2021-32050, GHSA-vxvm-qww3-2fh7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abn7-25mj-gfcq
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/mongodb/mongodb@1.0.0