Libmongocrypt
1 CVEs
product
Monthly
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.
Microsoft
Node.js
Information Disclosure
Libmongocrypt
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-20327
npm
EPSS 0%
CVSS 6.8
MEDIUM
PATCH
This Month
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.
Microsoft
Node.js
Information Disclosure
+1
NVD