CVE-2021-32050

🗓️ 29 Aug 2023 15:24:30Reported by mongodbType

Some MongoDB Drivers may erroneously publish authentication-related data to a command listener, potentially exposing sensitive information

Reporter	Title	Published	Views	Family All 35
AstraLinux	Astra Linux - уязвимость в mongo-c-driver	3 May 202623:59	–	astralinux
Circl	CVE-2021-32050	29 Aug 202320:17	–	circl
CNNVD	MongoDB 日志信息泄露漏洞	29 Aug 202300:00	–	cnnvd
CNVD	MongoDB Information Disclosure Vulnerability (CNVD-2023-68220)	31 Aug 202300:00	–	cnvd
Cvelist	CVE-2021-32050 Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application	29 Aug 202315:24	–	cvelist
Debian	[SECURITY] [DLA 4175-1] mongo-c-driver security update	20 May 202519:14	–	debian
Debian CVE	CVE-2021-32050	29 Aug 202315:24	–	debiancve
Tenable Nessus	Debian dla-4175 : libbson-1.0-0 - security update	20 May 202500:00	–	nessus
Tenable Nessus	Dell Wyse Management Suite < 5.1 Multiple Vulnerabilities (DSA-2025-135)	3 Apr 202500:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2021-32050	6 Mar 202500:00	–	nessus

NVD

Node

mongodb c++Range1.0.0–1.17.7mongodb

mongodb c_driverRange1.0.0–1.17.7mongodb

mongodb node.jsRange3.6–3.6.10mongodb

mongodb node.jsRange4.0–4.17.0mongodb

mongodb node.jsRange5.0–5.8.0mongodb

mongodb php_driverRange1.0.0–1.9.2mongodb

mongodb swift_driverRange1.0.0–1.1.1mongodb

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB C Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "1.17.7",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB C++ Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "3.7.0",
        "status": "affected",
        "version": "3.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB PHP Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "1.9.2",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Swift Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "1.1.1",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Node.js Driver",
    "vendor": "MongoDB Inc",
    "versions": [
      {
        "lessThan": "3.6.10",
        "status": "affected",
        "version": "3.6",
        "versionType": "custom"
      },
      {
        "lessThan": "4.17.0",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.8.0",
        "status": "affected",
        "version": "5.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/NODE-3356
jira	www.jira.mongodb.org/browse/SWIFT-1229
security	www.security.netapp.com/advisory/ntap-20231006-0001/
jira	www.jira.mongodb.org/browse/CDRIVER-3797
jira	www.jira.mongodb.org/browse/CXX-2028
jira	www.jira.mongodb.org/browse/PHPC-1869
lists	www.lists.debian.org/debian-lts-announce/2025/05/msg00027.html

03 Nov 2025 20:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.14.2 - 7.5

EPSS0.00048

SSVC