PT-2024-6296 · Mongodb+1 · Mongodb C Driver+4

Karman Liu · Published 2024-08-07 · Updated 2024-11-03 · CVE-2024-7553

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MongoDB Server versions prior to 5.0.27
MongoDB Server versions prior to 6.0.16
MongoDB Server versions prior to 7.0.12
MongoDB Server versions prior to 7.3.3
MongoDB C Driver versions prior to 1.26.2
MongoDB PHP Driver versions prior to 1.18.1

Description

The issue is related to incorrect validation of files loaded from a local untrusted directory, which may allow local privilege escalation if the underlying operating system is Windows. This could result in the application executing arbitrary behavior determined by the contents of untrusted files. Only environments with Windows as the underlying operating system are affected by this issue.

Recommendations

For MongoDB Server versions prior to 5.0.27, update to version 5.0.27 or later.
For MongoDB Server versions prior to 6.0.16, update to version 6.0.16 or later.
For MongoDB Server versions prior to 7.0.12, update to version 7.0.12 or later.
For MongoDB Server versions prior to 7.3.3, update to version 7.3.3 or later.
For MongoDB C Driver versions prior to 1.26.2, update to version 1.26.2 or later.
For MongoDB PHP Driver versions prior to 1.18.1, update to version 1.18.1 or later.

Fix

LPE

Improper Access Control

Weakness Enumeration

Related Identifiers

ALT-PU-2024-11646
ALT-PU-2024-11706
ALT-PU-2024-11726
ALT-PU-2024-11740
ALT-PU-2024-11777
ALT-PU-2024-11934
BDU:2024-07244
BIT-MONGODB-2024-7553
CVE-2024-7553

Affected Products

Alt Linux
Mongodb C Driver
Mongodb Php Driver
Mongodb Server
Mongodb