CVE-2021-32050 (c++, c_driver, node.js, php_driver, swift_driver)

Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.

Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).

This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB …

application authentication care command cve data drivers events expose file information issue listener log may mongodb node node.js security sensitive sensitive data sensitive information writing