MongoDB 5.0.20
Approved changes feed: RSS · Atom
cpe:2.3:a:mongodb:mongodb:5.0.20:*:*:*:*:*:*:*
part: a version: 5.0.20 update: *
| Vendor | Mongodb (1aa156a6-63a9-5032-baaf-10197d408a1e) |
|---|---|
| Product | Mongodb (fa9f1f9b-0cc9-5830-a189-b908276ac432) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/mongodb |
purl2cpe | 2026-06-01 10:11:17.859094 |
pkg:deb/ubuntu/mongodb |
purl2cpe | 2026-06-01 10:11:17.859096 |
pkg:github/mongodb/mongo |
purl2cpe | 2026-06-01 10:11:17.859097 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-6707 |
vulnerable | 2026-06-03 15:12:28.627122 |
Race condition in privilege cache invalidation cycle
MEDIUM (4.2)
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5.
Published: 2025-06-26T14:04:46.283Z
Updated: 2026-02-26T17:50:22.191Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3085 |
vulnerable | 2026-06-03 15:01:03.617052 |
MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked
HIGH (8.1)
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.
Required Configuration : MongoDB Server must be running on Linux Operating Systems and CRL revocation status checking must be enabled
Published: 2025-04-01T12:05:05.401Z
Updated: 2025-04-01T13:03:02.701Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3084 |
vulnerable | 2026-06-03 15:01:03.601844 |
MongoDB Server may crash due to improper validation of explain command
MEDIUM (6.5)
When run on commands with certain arguments set, explain may fail to validate these arguments before using them. This can lead to crashes in router servers. This affects MongoDB Server v5.0 prior to 5.0.31, MongoDB Server v6.0 prior to 6.0.20, MongoDB Server v7.0 prior to 7.0.16 and MongoDB Server v8.0 prior to 8.0.4
Published: 2025-04-01T11:14:19.784Z
Updated: 2025-04-01T13:10:04.793Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3083 |
vulnerable | 2026-06-03 15:01:03.588308 |
Malformed MongoDB wire protocol messages may cause mongos to crash
HIGH (7.5)
Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 versions prior to 7.0.16
Published: 2025-04-01T11:12:31.268Z
Updated: 2025-04-01T13:18:48.632Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-3082 |
vulnerable | 2026-06-03 15:01:03.549956 |
User may override a view's collation and gain unauthorized access to underlying data
LOW (3.1)
A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.
Published: 2025-04-01T11:08:06.589Z
Updated: 2025-04-01T15:14:39.348Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7553 |
vulnerable | 2026-06-03 14:58:06.143411 |
Accessing Untrusted Directory May Allow Local Privilege Escalation
HIGH (7.3)
Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing arbitrary behaviour determined by the contents of untrusted files. This issue affects MongoDB Server v5.0 versions prior to 5.0.27, MongoDB Server v6.0 versions prior to 6.0.16, MongoDB Server v7.0 versions prior to 7.0.12, MongoDB Server v7.3 versions prior 7.3.3, MongoDB C Driver versions prior to 1.26.2 and MongoDB PHP Driver versions prior to 1.18.1.
Required Configuration:
Only environments with Windows as the underlying operating system is affected by this issue
Published: 2024-08-07T09:57:49.818Z
Updated: 2024-08-07T15:27:46.258Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6375 |
vulnerable | 2026-06-03 14:58:02.753717 |
Missing authorization check may lead to shard key refinement
MEDIUM (5.4)
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.
Published: 2024-07-01T14:40:32.566Z
Updated: 2024-08-01T21:33:05.457Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3372 |
vulnerable | 2026-06-03 14:56:24.167441 |
MongoDB Server may have unexpected application behaviour due to invalid BSON
HIGH (7.5)
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v.5.0 versions prior to 5.0.25.
Published: 2024-05-14T13:24:05.097Z
Updated: 2024-08-01T20:12:06.488Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10921 |
vulnerable | 2026-06-03 14:54:12.932025 |
Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server
MEDIUM (6.8)
An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server. This issue affects MongoDB Server v5.0 versions prior to 5.0.30 , MongoDB Server v6.0 versions prior to 6.0.19, MongoDB Server v7.0 versions prior to 7.0.15 and MongoDB Server v8.0 versions prior to and including 8.0.2.
Published: 2024-11-14T16:04:04.062Z
Updated: 2024-11-15T09:45:56.720Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.