VYPR

npm package

mongodb-client-encryption

pkg:npm/mongodb-client-encryption

Vulnerabilities (1)

  • CVE-2021-20327Feb 25, 2021
    affected >= 1.2.0, < 1.2.1fixed 1.2.1

    A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node