Except Altas Search, other products of MongoDB like Atlas, Mongo DB Community Edition, Driver, Enterprise Advanced, Realm, Tools have been unaffected by Log4j Vulnerability. As of Dec17th, Mongo DB Atlas search has been already patched to log4j v2.16.0 from log4j v2.15.0 and till now no evidence of exploitation of the vulnerability has been detected by MongoDB Team. Since the Vulnerability continues to exist in Wild, MongoDB has asked customers to update Atlas Search in their own environments to prevent exploitation attempts.
| MongoDB Products | Versions | Source | |
|---|---|---|---|
| MongoDB Atlas Search | All | Vulnerable | source |
| MongoDB Atlas | All | Not Vulnerable | source |
| MongoDB Community Edition | All | Not Vulnerable | source |
| MongoDB Drivers | All | Not Vulnerable | source |
| MongoDB Enterprise Advanced | All | Not Vulnerable | source |
| MongoDB Realm | All | Not Vulnerable | source |
| MongoDB Tools | All | Not Vulnerable | source |