SUSE CVE-2019-2390

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; Mongo...

FreeBSD : mongodb -- Bump Windows package dependencies (fd2e0ca8-e3ae-11e9-8af7-08002720423d)

Rich Mirch reports : An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the...

MongoDB 3.4 < 3.4.22, 3.6 < 3.6.14, 4.0 < 4.0.11 Code Execution Vulnerability - Windows

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptio...

CVE-2019-2390

CVE-2019-2390 describes a remote code execution vulnerability in MongoDB Server on Windows caused by an unprivileged user creating OpenSSL configuration files in a fixed location, which can cause utility programs shipped with MongoDB to run attacker-defined code as the invoking user. The issue af...

CVE-2019-2390 Code execution on Windows via OpenSSL engine injection

An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server to run attacker defined code as the user running the utility. This issue MongoDB Server v4.0 versions prior to 4.0.11; Mongo...