Vulnerability_id VCID-abn7-25mj-gfcq
Summary
MongoDB Driver may publish events containing authentication-related data
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
Aliases
0
alias CVE-2021-32050
1
alias GHSA-vxvm-qww3-2fh7
Fixed_packages
0
url pkg:composer/mongodb/mongodb@1.9.2
purl pkg:composer/mongodb/mongodb@1.9.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mongodb/mongodb@1.9.2
1
url pkg:npm/mongodb@3.6.10
purl pkg:npm/mongodb@3.6.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@3.6.10
2
url pkg:npm/mongodb@4.17.0
purl pkg:npm/mongodb@4.17.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@4.17.0
3
url pkg:npm/mongodb@5.8.0
purl pkg:npm/mongodb@5.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@5.8.0
Affected_packages
0
url pkg:composer/mongodb/mongodb@1.0.0
purl pkg:composer/mongodb/mongodb@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abn7-25mj-gfcq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mongodb/mongodb@1.0.0
1
url pkg:npm/mongodb@3.6.0
purl pkg:npm/mongodb@3.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abn7-25mj-gfcq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@3.6.0
2
url pkg:npm/mongodb@4.0.0
purl pkg:npm/mongodb@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abn7-25mj-gfcq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@4.0.0
3
url pkg:npm/mongodb@5.0.0
purl pkg:npm/mongodb@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-abn7-25mj-gfcq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/mongodb@5.0.0
References
0
reference_url https://github.com/mongodb/mongo-php-driver/commit/4495de8313c0d313e4dde906fc7aedf998ee3748
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-php-driver/commit/4495de8313c0d313e4dde906fc7aedf998ee3748
1
reference_url https://github.com/mongodb/mongo-php-driver/pull/1235
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-php-driver/pull/1235
2
reference_url https://github.com/mongodb/mongo-swift-driver/pull/643
reference_id
reference_type
scores
url https://github.com/mongodb/mongo-swift-driver/pull/643
3
reference_url https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0
reference_id
reference_type
scores
url https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0
4
reference_url https://jira.mongodb.org/browse/CDRIVER-3797
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/CDRIVER-3797
5
reference_url https://jira.mongodb.org/browse/CXX-2028
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/CXX-2028
6
reference_url https://jira.mongodb.org/browse/NODE-3356
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/NODE-3356
7
reference_url https://jira.mongodb.org/browse/PHPC-1869
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/PHPC-1869
8
reference_url https://jira.mongodb.org/browse/SWIFT-1229
reference_id
reference_type
scores
url https://jira.mongodb.org/browse/SWIFT-1229
9
reference_url https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html
10
reference_url https://security.netapp.com/advisory/ntap-20231006-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231006-0001
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32050
reference_id CVE-2021-32050
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32050
12
reference_url https://github.com/advisories/GHSA-vxvm-qww3-2fh7
reference_id GHSA-vxvm-qww3-2fh7
reference_type
scores
url https://github.com/advisories/GHSA-vxvm-qww3-2fh7
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 532
name Insertion of Sensitive Information into Log File
description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abn7-25mj-gfcq