Open Source Offerings

 View Only

Update Dec 20, 2021 - MongoDB Log4Shell Vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105)

By Ty Kearley posted Tue December 21, 2021 02:58 PM


When MongoDB became aware of the Log4Shell vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105), an investigation began to determine whether there had been any impact to the products, services or internal systems.

As of December 20, 4pm ET, the following is the status of the investigation:

Product Status
MongoDB Atlas Search


Dec 18: Confirmed log4j removal from production Environment. Atlas Search is no longer affected.

Dec. 17: Patched to log4j v.2.16.0
in response to CVE-2021-45046

Dec. 12: Patched to log4j v.2.15.0
in response to CVE-2021-44228

No evidence of exploitation or indicators of compromise prior to the patches were discovered.

All other components of MongoDB Atlas
(including Atlas Database, Data Lake, Charts)

Not affected
MongoDB Enterprise Advanced
(including Enterprise Server, Ops Manager,
Enterprise Kubernetes Operators)
Not affected

MongoDB Community Edition
(including Community Server,
Cloud Manager, Community Kubernetes Operators)

Not affected
MongoDB Drivers Not affected

MongoDB Tools
(including Compass, Database Shell,
VS Code Plugin, Atlas CLI, Database Connectors)

Not affected

MongoDB Realm
(including Realm Database, Sync, Functions, APIs)

Not affected

The situation is continually being monitored and updates will released as new information becomes available.