db-migrate / mongodb

mongodb driver for db-migrate

Update mongodb version to patch high severity vulnerability [$20]

ben833 opened this issue · comments

There is a high severity vulnerability in the current version (1.5.0) - Denial of Service
https://npmjs.com/advisories/1203

It does not pass npm audit. Please upgrade mongodb to version >=3.1.13 so it passes.


There is a $20 open bounty on this issue. Add to the bounty at Bountysource.

Thanks for raising awareness of this issue. Since this is a major jump in the mongodb version, I already expected a few tests to fail and problems to arise. If you're willing to help with fixing this for the latest mongodb version, this will be warmheartedly welcomed.

I will look to put this into my schedule and see to fixing the issues that come up with that upgrade. Please don't hesitate to push the issue up should you feel there is no progress, to avoid it going under the radar, since I am currently quite involved in multiple projects.

On the master branch I have already put the newest mongodb version for reference; tests are failing as described.

I made a bit of progress, see #41