Version Details and Security Vulnerabilities

📦

mongodb

2.1.16

Comparision Betweeen 2.1.16 and 2.1.15

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Version 2.1.16 Details

MongoDB Node.js driver updated from version 2.1.15 to 2.1.16, representing a patch release focused on incremental improvements and bug fixes. Both versions maintain the same core dependencies: es6-promise (3.0.2), mongodb-core (differing slightly in version) and readable-stream (1.0.31), ensuring compatibility with these foundational libraries. Version 2.1.16 incorporates mongodb-core version 1.3.16, whereas 2.1.15 has mongodb-core version 1.3.15, typically indicating internal refinements or bug fixes within the core driver logic.

The developer dependencies, crucial for testing and development workflows, remain consistent across both versions, encompassing tools like co (4.5.4), nyc (^5.5.0), bson (^0.4.20), and various utilities for benchmarking, code coverage, and stream processing.

While outwardly similar, the key lies in the update to mongodb-core, suggesting potential resolution of edge-case behaviors or performance tuning relevant to database interactions. Developers relying on the MongoDB Node.js driver should consider upgrading for stability enhancements and any subtle improvements embedded within the updated core. Examine the mongodb-core changelog to understand the specific changes and potential impact to your application. The release dates indicate approximately a one-day gap between the releases, highlighting the iterative nature of software development.

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

mongodb

2.1.16

Comparision Betweeen 2.1.16 and 2.1.15

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

N/A

Unpacked Size

N/A

Version 2.1.16 Details

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.1.16 of the package mongodb.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.1.16 of the package

Summary:

Denial of Service in mongodb

Details:

Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application.

Recommendation

Upgrade to version 3.1.13 or later.

Details about mongodb@2.1.16

Summary:

Deserialization of Untrusted Data in bson

Details:

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.

Details about bson@0.4.23

Summary:

Deserialization of Untrusted Data in bson

Details:

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsontype, leading to cases where an object is serialized as a document rather than the intended BSON type.

Details about bson@0.4.23

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 2.1.16 of the package mongodb.

All Security Vulnerabilities

All the vulnerabilities related to the version 2.1.16 of the package

Summary:

Denial of Service in mongodb

Details:

Recommendation

Upgrade to version 3.1.13 or later.

Details about mongodb@2.1.16

Summary:

Deserialization of Untrusted Data in bson

Details:

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure.

Details about bson@0.4.23

Summary:

Deserialization of Untrusted Data in bson

Details:

Details about bson@0.4.23

Version Details and Security Vulnerabilities

mongodb

Comparision Betweeen 2.1.16 and 2.1.15

Version 2.1.16 Details

Security Vulnerabilities

Version Details and Security Vulnerabilities

mongodb

Comparision Betweeen 2.1.16 and 2.1.15

Version 2.1.16 Details

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Recommendation

Version Details and Security Vulnerabilities

mongodb

Comparision Betweeen 2.1.16 and 2.1.15

Version 2.1.16 Details

Security Vulnerabilities

Version Details and Security Vulnerabilities

mongodb

Comparision Betweeen 2.1.16 and 2.1.15

Version 2.1.16 Details

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

mongodb@2.1.16 GHSA-mh5c-679w-hh4r N/A

Recommendation

bson@0.4.23 GHSA-4jwp-vfvf-657p 5.4

bson@0.4.23 GHSA-v8w9-2789-6hhr 9.8

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

mongodb@2.1.16 GHSA-mh5c-679w-hh4r N/A

Recommendation

bson@0.4.23 GHSA-4jwp-vfvf-657p 5.4

bson@0.4.23 GHSA-v8w9-2789-6hhr 9.8