{"id":"CVE-2021-20331","details":"Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as \"saslStart\", \"saslContinue\", \"isMaster\", \"createUser\", and \"updateUser\" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver v2.12 versions prior to and including 2.12.1.","aliases":["GHSA-p9rv-qgqw-jx2w"],"modified":"2026-04-10T04:41:29.776872Z","published":"2021-05-13T08:15:06.557Z","references":[{"type":"FIX","url":"https://jira.mongodb.org/browse/CSHARP-3521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mongodb/mongo-csharp-driver","events":[{"introduced":"e75af27dc5966e9315d04f73ffa2c42549318a02"},{"fixed":"a4a3888f4fb51bb518b1eb5002effc2d47f2ea6a"},{"introduced":"0"},{"last_affected":"cb27a82ea70620ad1acad8058809be8302ae4f2a"}],"database_specific":{"versions":[{"introduced":"2.12.0"},{"fixed":"2.12.2"},{"introduced":"0"},{"last_affected":"2.11.0-NA"}]}}],"versions":["v0.11.0.4042","v0.5.0.3940","v0.7.0.3959","v0.9.0.3992","v1.0.0.4098","v1.1.0.4184","v1.2.0.4274","v1.3.0.4309","v1.4.0.4468","v1.4.1.4490","v1.4.2.4500","v1.5.0.4566","v1.6.0.4624","v1.6.0rc0","v1.6.1.4678","v1.7.0.4714","v1.8.0.124","v1.8.1.20","v1.8.2.34","v1.9.0","v1.9.0-rc0","v1.9.0-rc1","v2.0.0","v2.0.0-beta1","v2.0.0-beta2","v2.0.0-beta3","v2.0.0-beta4","v2.0.0-rc0","v2.1.0-rc0","v2.1.0-rc1","v2.10.0","v2.10.0-beta1","v2.11.0","v2.11.0-beta1","v2.11.0-beta2","v2.12.0","v2.12.1","v2.2.0","v2.2.0-rc0","v2.2.1","v2.3.0","v2.3.0-beta1","v2.3.0-rc1","v2.4.0","v2.4.0-beta1","v2.4.1","v2.4.2","v2.4.3","v2.4.4","v2.5.0","v2.7.0","v2.7.0-beta1","v2.9.0","v2.9.0-beta1","v2.9.0-beta2","v2.9.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20331.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}