CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013

CVE-2024-8013 stems from a bug in query analysis of certain complex self-referential $lookup subpipelines that can cause literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Impact: if triggered, no documents would be returned or written....

CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source...