Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-85f9-vc47-9pr8

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE
View on GitHub

Advisory Details

A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, prior to 5.0.22, MongoDB Server v6.0 versions, prior to 6.0.11 and MongoDB Server v7.0 versions prior to 7.0.3.

Related CVEs

CVE-2024-6375

Key Information

GHSA ID
GHSA-85f9-vc47-9pr8
Published
July 1, 2024 3:32 PM
Last Modified
July 1, 2024 3:32 PM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.