Denial of Service in mongodb

High severity | GitHub Reviewed | Published Sep 3, 2020

Package

mongodb (npm)

Affected versions

< 3.1.13

Patched versions

3.1.13

Description

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.

Recommendation

Upgrade to version 3.1.13 or later.
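
To confirm that no copy of the package, direct or transitive, is still inside the affected range (< 3.1.13), the following added example scans a parsed package-lock.json. It is not code from the advisory or from the mongodb project; the sample lockfiles and the names `legacy-odm` and `demo-app` are constructed for illustration.

```javascript
// Added example: list installed copies of the npm package "mongodb" below 3.1.13.
// Handles lockfile v1 (nested "dependencies") and v2/v3 (flat "packages" map).
const PATCHED = [3, 1, 13];

// "3.1.10" or "3.1.13-rc.1" -> { nums: [3, 1, 10], pre: false|true }, else null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(v);
  if (!m) return null;
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // git URL or tarball spec: flag it for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre; // semver orders a 3.1.13 pre-release before 3.1.13
}

function findAffected(lock) {
  const hits = [];
  // v2/v3: keys are install paths; match only a path ending in node_modules/mongodb.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    const isMongo = /(^|\/)node_modules\/mongodb$/.test(path);
    if (isMongo && info.version && isAffected(info.version)) hits.push({ path, version: info.version });
  }
  // v1: walk the nested tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "mongodb" && info.version && isAffected(info.version)) hits.push({ path, version: info.version });
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  mongodb: { version: "3.1.12" },
  "legacy-odm": { version: "1.0.0", dependencies: { mongodb: { version: "2.2.36" } } },
} };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/mongodb": { version: "3.1.13" },
  "node_modules/legacy-odm/node_modules/mongodb": { version: "3.0.11" },
} };
console.log(findAffected(SAMPLE_V1), findAffected(SAMPLE_V3));
```

Against a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findAffected`; any hit under a nested `node_modules` path means a dependency pins its own old copy and must be upgraded or overridden as well.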

GHSA ID

GHSA-mh5c-679w-hh4r