Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown
Code execution on Windows via OpenSSL engine injection
Disclosure Date: August 30, 2019 (last updated January 24, 2024)
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14 and MongoDB Server v3.4 prior to 3.4.22.
0