[FP]: spring-ai-mongodb-atlas-store:1.0.1 incorrectly mapped to CPE mongodb:1.0.1 #7906
Description
Package URl
pkg:maven/org.springframework.ai/[email protected]
CPE
cpe:2.3:a:mongodb:mongodb:1.0.1:::::::*
CVE
No response
ODC Integration
{"label" => "Maven Plugin"}
ODC Version
12.1.0
Description
Dependency-Check is incorrectly mapping the artifact org.springframework.ai:spring-ai-mongodb-atlas-store:1.0.1 to the CPE mongodb:1.0.1. This causes false positives for multiple
CVE entries from 2012–2016 that only apply to MongoDB server 1.x.
The artifact is a Spring AI integration library for MongoDB Atlas,
not the MongoDB server.
Actual resolved dependencies include:
spring-data-mongodb:4.5.3org.mongodb:mongodb-driver-core:5.5.1org.mongodb:mongodb-driver-sync:5.5.1org.mongodb:bson:5.5.1
Evidence from the report shows:
pkg:maven/org.springframework.ai/[email protected](Confidence: High)cpe:2.3:a:mongodb:mongodb:1.0.1(Confidence: Highest)
This mis-match is triggered by the artifactId containing "mongodb"
and the version number "1.0.1", even though the vendor is
org.springframework.ai (VMware/Broadcom). None of the listed CVEs
apply to this dependency.
mvn org.owasp:dependency-check-maven:12.1.0:check -DfailBuildOnCVSS=0 -DskipRuntimeScope=true -DskipProvidedScope=true -DassemblyAnalyzerEnabled=false -DsuppressionFile=xxx/owasp-suppressions.xml -DnvdApiKey=xxxx -DnvdApiDelay=16000 -DnvdMaxRetryCount=20 -DdataDirectory=$HOME/.dependency-check/data
<div class="subsectioncontent" googl="true"><p><b>Description:</b></p><pre>Spring AI Vector Store - MongoDB Atlas</pre><p></p><p><b>License:</b></p><pre class="indent">Apache 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt</pre><b>File Path:</b> /Users/jvdb/.m2/repository/org/springframework/ai/spring-ai-mongodb-atlas-store/1.0.1/spring-ai-mongodb-atlas-store-1.0.1.jar<br><b>MD5:</b> 1f51d33a460406263e3dba4f82a9c947<br><b>SHA1:</b> 6287c6fb00b86123ffdae4e7cee2569950c6371d<br><b>SHA256:</b>afb25f8286d1a4dec9630c62e1d14e104e5b6ec9c5cbf640ba8fbdbf105d65eb<br><b>Referenced In Project/Scope:</b> study-guide-api:compile<br><span class="tooltip"><span class="tooltiptext">spring-ai-mongodb-atlas-store-1.0.1.jar is in the transitive dependency tree of the listed items.</span><b>Included by:</b></span> pkg:maven/org.springframework.ai/[email protected]<p></p><h4 id="header305" class="subsectionheader white collapsed collaspablesubsection">Evidence</h4><div id="content305" class="subsectioncontent standardsubsection hidden" style="display: block;"><table class="lined fullwidth" border="0"><tbody><tr><th class="left" style="width:10%;">Type</th><th class="left" style="width:10%;">Source</th><th class="left" style="width:20%;">Name</th><th class="left" style="width:50%;">Value</th><th class="left" style="width:10%;">Confidence</th></tr><tr><td>Vendor</td><td>file</td><td>name</td><td>spring-ai-mongodb-atlas-store</td><td>High</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>pivotal software</td><td>Highest</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>SpringSource</td><td>Highest</td></tr><tr><td>Vendor</td><td>hint analyzer</td><td>vendor</td><td>vmware</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>ai</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>mongodb</td><td>Highest</td></tr><tr><td>Vendor</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Vendor</td><td>Manifest</td><td>build-jdk-spec</td><td>17</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-ai-mongodb-atlas-store</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>artifactid</td><td>spring-ai-mongodb-atlas-store</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>christian tzolov at broadcom.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer email</td><td>mpollack at vmware.com</td><td>Low</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>mpollack</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer id</td><td>tzolov</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Christian Tzolov</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer name</td><td>Mark Pollack</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer org</td><td>Broadcom</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer org</td><td>VMware</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>developer org URL</td><td>http://www.spring.io</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>groupid</td><td>org.springframework.ai</td><td>Highest</td></tr><tr><td>Vendor</td><td>pom</td><td>name</td><td>Spring AI Vector Store - MongoDB Atlas</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization name</td><td>VMware Inc.</td><td>High</td></tr><tr><td>Vendor</td><td>pom</td><td>organization url</td><td>https://spring.io</td><td>Medium</td></tr><tr><td>Vendor</td><td>pom</td><td>url</td><td>spring-projects-experimental/spring-ai</td><td>Highest</td></tr><tr><td>Product</td><td>file</td><td>name</td><td>spring-ai-mongodb-atlas-store</td><td>High</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>ai</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>mongodb</td><td>Highest</td></tr><tr><td>Product</td><td>jar</td><td>package name</td><td>springframework</td><td>Highest</td></tr><tr><td>Product</td><td>Manifest</td><td>build-jdk-spec</td><td>17</td><td>Low</td></tr><tr><td>Product</td><td>Manifest</td><td>Implementation-Title</td><td>spring-ai-mongodb-atlas-store</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>artifactid</td><td>spring-ai-mongodb-atlas-store</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>christian tzolov at broadcom.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer email</td><td>mpollack at vmware.com</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>mpollack</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer id</td><td>tzolov</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Christian Tzolov</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer name</td><td>Mark Pollack</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer org</td><td>Broadcom</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer org</td><td>VMware</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>developer org URL</td><td>http://www.spring.io</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>groupid</td><td>org.springframework.ai</td><td>Highest</td></tr><tr><td>Product</td><td>pom</td><td>name</td><td>Spring AI Vector Store - MongoDB Atlas</td><td>High</td></tr><tr><td>Product</td><td>pom</td><td>organization name</td><td>VMware Inc.</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>organization url</td><td>https://spring.io</td><td>Low</td></tr><tr><td>Product</td><td>pom</td><td>url</td><td>spring-projects-experimental/spring-ai</td><td>High</td></tr><tr><td>Version</td><td>file</td><td>version</td><td>1.0.1</td><td>High</td></tr><tr><td>Version</td><td>Manifest</td><td>Implementation-Version</td><td>1.0.1</td><td>High</td></tr><tr><td>Version</td><td>pom</td><td>version</td><td>1.0.1</td><td>Highest</td></tr></tbody></table></div><h4 id="header306" class="subsectionheader white collapsed collaspablesubsection">Related Dependencies</h4><div id="content306" class="subsectioncontent standardsubsection hidden" style="display: block;"><ul><li>spring-ai-autoconfigure-vector-store-mongodb-atlas-1.0.1.jar<ul><li>File Path: /Users/jvdb/.m2/repository/org/springframework/ai/spring-ai-autoconfigure-vector-store-mongodb-atlas/1.0.1/spring-ai-autoconfigure-vector-store-mongodb-atlas-1.0.1.jar</li><li>MD5: 2656e3264dd43feba7eb799535fb8e65</li><li>SHA1: 54415b509ab75d2da80d3199f1065651552fdf95</li><li>SHA256: b73aaa22852eca5d99728cf0dfd176b834d185f8471bb7287c214e780b55bd71</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.ai/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=12.1.0" target="_blank">pkg:maven/org.springframework.ai/[email protected]</a></li></ul></li><li>spring-ai-starter-vector-store-mongodb-atlas-1.0.1.jar<ul><li>File Path: /Users/jvdb/.m2/repository/org/springframework/ai/spring-ai-starter-vector-store-mongodb-atlas/1.0.1/spring-ai-starter-vector-store-mongodb-atlas-1.0.1.jar</li><li>MD5: b16944d99f73c7525ea17f7bd3ad2dff</li><li>SHA1: 8d2d3b2e6eb64f15fbe1e69d3912a6c90175e47f</li><li>SHA256: cf14e7a045305406c4b6bb8e596baa9e7b28733d9f4b24ac97595acc7a5ad2df</li> <li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.ai/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=12.1.0" target="_blank">pkg:maven/org.springframework.ai/[email protected]</a></li></ul></li></ul></div><h4 id="header307" class="subsectionheader white">Identifiers</h4><div id="content307" class="subsectioncontent standardsubsection"><ul><li><a href="https://ossindex.sonatype.org/component/pkg:maven/org.springframework.ai/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=12.1.0" target="_blank">pkg:maven/org.springframework.ai/[email protected]</a> (<i>Confidence</i>:High)</li><li><a href="https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Amongodb&cpe_product=cpe%3A%2F%3Amongodb%3Amongodb&cpe_version=cpe%3A%2F%3Amongodb%3Amongodb%3A1.0.1" target="_blank">cpe:2.3:a:mongodb:mongodb:1.0.1:*:*:*:*:*:*:*</a> (<i>Confidence</i>:Highest) <button class="copybutton" title="Generate Suppression XML for the identified vulnerability identifier" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cpe" data-id-to-suppress="cpe:/a:mongodb:mongodb">suppress</button></li></ul></div><h4 id="header308" class="subsectionheader collapsed collaspablesubsection white">Published Vulnerabilities</h4><div id="content308" class="subsectioncontent standardsubsection"><p><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6619">CVE-2012-6619</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2012-6619">suppress</button></p><p></p><pre>The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.</pre>CWE-20 Improper Input Validation<br><br>CVSSv2:<ul><li>Base Score: MEDIUM (6.4)</li><li>Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P</li></ul><br>References:<ul><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://blog.ptsecurity.com/2012/11/attacking-mongodb.html">EXPLOIT</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://jira.mongodb.org/browse/SERVER-7769">EXPLOIT,VENDOR_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="http://blog.ptsecurity.com/2012/11/attacking-mongodb.html">EXPLOIT</a></li><li>[email protected] - <a target="_blank" href="https://jira.mongodb.org/browse/SERVER-7769">EXPLOIT,VENDOR_ADVISORY</a></li></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs2">show all</a>)</p><ul><li class="vs2"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.3.1</a></li><li class="vs2">...</li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.3.1</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.2.0">cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.4.0">cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.6.0">cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.8.0">cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.0">cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.1">cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.2">cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.3">cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.4">cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.5">cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.6">cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.7">cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.8">cpe:2.3:a:mongodb:mongodb:2.0.8:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.0">cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.1">cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.2">cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.3">cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.4">cpe:2.3:a:mongodb:mongodb:2.2.4:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.5">cpe:2.3:a:mongodb:mongodb:2.2.5:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.6">cpe:2.3:a:mongodb:mongodb:2.2.6:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.7">cpe:2.3:a:mongodb:mongodb:2.2.7:*:*:*:*:*:*:*</a></li><li class="vs2 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.3.0">cpe:2.3:a:mongodb:mongodb:2.3.0:*:*:*:*:*:*:*</a></li></ul><p></p><p><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1892">CVE-2013-1892</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2013-1892">suppress</button></p><p></p><pre>MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.</pre>CWE-20 Improper Input Validation<br><br>CVSSv2:<ul><li>Base Score: MEDIUM (6.0)</li><li>Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P</li></ul><br>References:<ul><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/">EXPLOIT</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-1170.html">VENDOR_ADVISORY</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://www.mongodb.org/about/alerts/">VENDOR_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="http://blog.scrt.ch/2013/03/24/mongodb-0-day-ssji-to-rce/">EXPLOIT</a></li><li>[email protected] - <a target="_blank" href="http://rhn.redhat.com/errata/RHSA-2013-1170.html">VENDOR_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="http://www.mongodb.org/about/alerts/">VENDOR_ADVISORY</a></li></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs3">show all</a>)</p><ul><li class="vs3"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.0.8</a></li><li class="vs3">...</li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.0.8</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.2.0">cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.4.0">cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.6.0">cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.8.0">cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.0">cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.1">cpe:2.3:a:mongodb:mongodb:2.0.1:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.2">cpe:2.3:a:mongodb:mongodb:2.0.2:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.3">cpe:2.3:a:mongodb:mongodb:2.0.3:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.4">cpe:2.3:a:mongodb:mongodb:2.0.4:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.5">cpe:2.3:a:mongodb:mongodb:2.0.5:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.6">cpe:2.3:a:mongodb:mongodb:2.0.6:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.7">cpe:2.3:a:mongodb:mongodb:2.0.7:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.0">cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.1">cpe:2.3:a:mongodb:mongodb:2.2.1:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.2">cpe:2.3:a:mongodb:mongodb:2.2.2:*:*:*:*:*:*:*</a></li><li class="vs3 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.3">cpe:2.3:a:mongodb:mongodb:2.2.3:*:*:*:*:*:*:*</a></li></ul><p></p><p><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8180">CVE-2014-8180</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2014-8180">suppress</button></p><p></p><pre>MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.</pre>CWE-287 Improper Authentication<br><br>CVSSv3:<ul><li>Base Score: MEDIUM (5.5)</li><li>Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A</li></ul>CVSSv2:<ul><li>Base Score: LOW (2.1)</li><li>Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P</li></ul><br>References:<ul><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1301703">ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY,VDB_ENTRY</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod">PRODUCT</a></li><li>[email protected] - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1301703">ISSUE_TRACKING,PATCH,THIRD_PARTY_ADVISORY,VDB_ENTRY</a></li><li>[email protected] - <a target="_blank" href="https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/preparing_your_environment_for_installation#restricting_access_to_mongod">PRODUCT</a></li></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs4">show all</a>)</p><ul><li class="vs4"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*</a></li><li class="vs4">...</li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*</a></li><li class="vs4 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aredhat%3Asatellite%3A6.0">cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:* version is NOT VULNERABLE</a></li></ul><p></p><p><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6494">CVE-2016-6494</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2016-6494">suppress</button></p><p></p><pre>The client in MongoDB uses world-readable permissions on .dbshell history files, which might allow local users to obtain sensitive information by reading these files.</pre>CWE-200 Exposure of Sensitive Information to an Unauthorized Actor<br><br>CVSSv3:<ul><li>Base Score: MEDIUM (5.5)</li><li>Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A</li></ul>CVSSv2:<ul><li>Base Score: LOW (2.1)</li><li>Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N</li></ul><br>References:<ul><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908">ISSUE_TRACKING</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1362553">ISSUE_TRACKING</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://jira.mongodb.org/browse/SERVER-25335">ISSUE_TRACKING</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0">ISSUE_TRACKING,PATCH</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2016/07/29/4">MAILING_LIST,THIRD_PARTY_ADVISORY</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2016/07/29/8">MAILING_LIST,THIRD_PARTY_ADVISORY</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://www.securityfocus.com/bid/92204">THIRD_PARTY_ADVISORY,VDB_ENTRY</a></li><li>[email protected] - <a target="_blank" href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908">ISSUE_TRACKING</a></li><li>[email protected] - <a target="_blank" href="https://bugzilla.redhat.com/show_bug.cgi?id=1362553">ISSUE_TRACKING</a></li><li>[email protected] - <a target="_blank" href="https://jira.mongodb.org/browse/SERVER-25335">ISSUE_TRACKING</a></li><li>[email protected] - <a target="_blank" href="https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0">ISSUE_TRACKING,PATCH</a></li><li>[email protected] - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2016/07/29/4">MAILING_LIST,THIRD_PARTY_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="http://www.openwall.com/lists/oss-security/2016/07/29/8">MAILING_LIST,THIRD_PARTY_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="http://www.securityfocus.com/bid/92204">THIRD_PARTY_ADVISORY,VDB_ENTRY</a></li></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs5">show all</a>)</p><ul><li class="vs5"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.15</a></li><li class="vs5">...</li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.15</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions from (including) 3.2; versions up to (excluding) 3.2.14</a></li><li class="vs5 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions from (including) 3.3; versions up to (excluding) 3.3.14</a></li></ul><p></p><p><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1609">CVE-2015-1609</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2015-1609">suppress</button></p><p></p><pre>MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.</pre>CWE-20 Improper Input Validation<br><br>CVSSv2:<ul><li>Base Score: MEDIUM (5.0)</li><li>Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P</li></ul><br>References:<ul></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs6">show all</a>)</p><ul><li class="vs6"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.4.12</a></li><li class="vs6">...</li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.4.12</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.0">cpe:2.3:a:mongodb:mongodb:2.6.0:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.1">cpe:2.3:a:mongodb:mongodb:2.6.1:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.2">cpe:2.3:a:mongodb:mongodb:2.6.2:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.3">cpe:2.3:a:mongodb:mongodb:2.6.3:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.4">cpe:2.3:a:mongodb:mongodb:2.6.4:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.5">cpe:2.3:a:mongodb:mongodb:2.6.5:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.6">cpe:2.3:a:mongodb:mongodb:2.6.6:*:*:*:*:*:*:*</a></li><li class="vs6 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.6.7">cpe:2.3:a:mongodb:mongodb:2.6.7:*:*:*:*:*:*:*</a></li></ul><p></p><p googl="true"><b><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2132">CVE-2013-2132</a></b> <button class="copybutton" title="Generate Suppression XML for this CVE for this file" data-display-name="spring-ai-mongodb-atlas-store-1.0.1.jar" data-sha1="6287c6fb00b86123ffdae4e7cee2569950c6371d" data-pkgurl="pkg:maven/org.springframework.ai/[email protected]" data-type-to-suppress="cve" data-id-to-suppress="CVE-2013-2132">suppress</button></p><p></p><pre>bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as used in MongoDB, allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to decoding of an "invalid DBRef."</pre>NVD-CWE-Other<br><br>CVSSv2:<ul><li>Base Score: MEDIUM (4.3)</li><li>Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P</li></ul><br>References:<ul><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2">EXPLOIT,PATCH</a></li><li>af854a3a-2127-422b-91ae-364da2661108 - <a target="_blank" href="http://ubuntu.com/usn/usn-1897-1">VENDOR_ADVISORY</a></li><li>[email protected] - <a target="_blank" href="https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2">EXPLOIT,PATCH</a></li><li>[email protected] - <a target="_blank" href="http://ubuntu.com/usn/usn-1897-1">VENDOR_ADVISORY</a></li></ul><p></p><p>Vulnerable Software & Versions: (<a href="#" class="versionToggle" data-toggle=".vs7">show all</a>)</p><ul><li class="vs7"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.5.1</a></li><li class="vs7">...</li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb">cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:* versions up to (including) 2.5.1</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.2.0">cpe:2.3:a:mongodb:mongodb:1.2.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.4.0">cpe:2.3:a:mongodb:mongodb:1.4.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.6.0">cpe:2.3:a:mongodb:mongodb:1.6.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A1.8.0">cpe:2.3:a:mongodb:mongodb:1.8.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.0.0">cpe:2.3:a:mongodb:mongodb:2.0.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.2.0">cpe:2.3:a:mongodb:mongodb:2.2.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.0">cpe:2.3:a:mongodb:mongodb:2.4.0:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.1">cpe:2.3:a:mongodb:mongodb:2.4.1:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.2">cpe:2.3:a:mongodb:mongodb:2.4.2:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.3">cpe:2.3:a:mongodb:mongodb:2.4.3:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.4">cpe:2.3:a:mongodb:mongodb:2.4.4:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.4.5">cpe:2.3:a:mongodb:mongodb:2.4.5:*:*:*:*:*:*:*</a></li><li class="vs7 hidden"><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Amongodb%3Amongodb%3A2.5.0">cpe:2.3:a:mongodb:mongodb:2.5.0:*:*:*:*:*:*:*</a></li></ul><p></p></div></div>