Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.
Recommendation
Upgrade to version 3.1.13 or later.
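The failure mode in the advisory, as an added example rather than code from this PR or from the driver: a simplified model of a callback API whose validation throws on a later tick, beside a form that delivers the error through the callback. All function names, the name validator and the in-memory task queue are hypothetical stand-ins.

```javascript
// Simplified model of the bug class; hypothetical names, not the driver's code.
const queue = [];
const defer = (task) => queue.push(task); // stands in for an I/O callback on a later tick

function validateCollectionName(name) {
  if (typeof name !== 'string' || name.length === 0 || name.includes('$')) {
    throw new Error(`illegal collection name: ${JSON.stringify(name)}`);
  }
}

// Models a lookup against a database that does not exist yet: nothing is found.
function listCollections(cb) {
  defer(() => cb(null, []));
}

// Before: validation throws inside the deferred callback, where no caller's
// try/catch can reach it. In Node this surfaces as an uncaughtException.
function createCollectionUnsafe(name, cb) {
  listCollections((err) => {
    if (err) return cb(err);
    validateCollectionName(name); // throws on a later tick
    cb(null, name);
  });
}

// After: the throw is caught and handed to the caller through the callback.
function createCollectionSafe(name, cb) {
  listCollections((err) => {
    if (err) return cb(err);
    try {
      validateCollectionName(name);
    } catch (e) {
      return cb(e);
    }
    cb(null, name);
  });
}

// Drains the queue like an event loop and reports where the error ended up.
function run(createCollection, name) {
  const outcome = { delivered: null, escaped: null, result: null };
  createCollection(name, (err, res) => { outcome.delivered = err; outcome.result = res; });
  while (queue.length) {
    try { queue.shift()(); } catch (e) { outcome.escaped = e; }
  }
  return outcome;
}

console.log('unsafe:', run(createCollectionUnsafe, 'bad$name').escaped !== null);
console.log('safe:', run(createCollectionSafe, 'bad$name').escaped !== null);
```

In the model, `escaped` is the error that a real process would see as an uncaught exception, and `delivered` is the error the caller can handle.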
Release Notes
mongodb/node-mongodb-native (mongodb)
### [`v3.1.13`](https://togithub.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#3113-2019-01-23)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.1.12...v3.1.13)
##### Bug Fixes
- restore ability to webpack by removing `makeLazyLoader` ([050267d](https://togithub.com/mongodb/node-mongodb-native/commit/050267d))
- **bulk:** honor ignoreUndefined in initializeUnorderedBulkOp ([e806be4](https://togithub.com/mongodb/node-mongodb-native/commit/e806be4))
- **changeStream:** properly handle changeStream event mid-close ([#1902](https://togithub.com/mongodb/node-mongodb-native/issues/1902)) ([5ad9fa9](https://togithub.com/mongodb/node-mongodb-native/commit/5ad9fa9))
- **db_ops:** ensure we async resolve errors in createCollection ([210c71d](https://togithub.com/mongodb/node-mongodb-native/commit/210c71d))
### [`v3.1.12`](https://togithub.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#3112-2019-01-16)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.1.11...v3.1.12)
##### Features
- **core:** update to mongodb-core v3.1.11 ([9bef6e7](https://togithub.com/mongodb/node-mongodb-native/commit/9bef6e7))
### [`v3.1.11`](https://togithub.com/mongodb/node-mongodb-native/blob/HEAD/HISTORY.md#3111-2019-01-15)
[Compare Source](https://togithub.com/mongodb/node-mongodb-native/compare/v3.1.10...v3.1.11)
##### Bug Fixes
- **bulk:** fix error propagation in empty bulk.execute ([a3adb3f](https://togithub.com/mongodb/node-mongodb-native/commit/a3adb3f))
- **bulk:** make sure that any error in bulk write is propagated ([bedc2d2](https://togithub.com/mongodb/node-mongodb-native/commit/bedc2d2))
- **bulk:** properly calculate batch size for bulk writes ([aafe71b](https://togithub.com/mongodb/node-mongodb-native/commit/aafe71b))
- **operations:** do not call require in a hot path ([ff82ff4](https://togithub.com/mongodb/node-mongodb-native/commit/ff82ff4))
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.1.10 -> 3.1.13
GitHub Vulnerability Alerts
GHSA-mh5c-679w-hh4r