Sicheng Liu

**Name of the Vulnerable Software and Affected Versions** MongoDB Server versions prior to 4.0.11 MongoDB Server versions prior to 3.6.14 MongoDB Server versions prior to 3.4.22 **Description** The issue is related to incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts. This allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. **Recommendations** For MongoDB Server versions prior to 4.0.11, update to version 4.0.11 or later. For MongoDB Server versions prior to 3.6.14, update to version 3.6.14 or later. For MongoDB Server versions prior to 3.4.22, update to version 3.4.22 or later.