CVE-2024-8305
MongoDB Server secondaries may crash due to forced index constraints
6.5
MEDIUM
CVSS 3.1
EPSS 0.29%
Description
prepareUnique index may cause secondaries to crash due to incorrect enforcement of index constraints on secondaries, where in extreme cases may cause multiple secondaries crashing leading to no primaries. This issue affects MongoDB Server v6.0 versions prior to 6.0.17, MongoDB Server v7.0 versions prior to 7.0.13 and MongoDB Server v7.3 versions prior to 7.3.4
How to fix CVE-2024-8305
To remediate CVE-2024-8305, upgrade the affected package to a fixed version below.
- —upgrade to 6.0.17 or later
Is CVE-2024-8305 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 6.0.0, < 6.0.17, >= 7.0.0, < 7.0.14
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |