Operational Defect Database
BugZero found this defect 40 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
MongoDB | 2636100
killCursor is allowed to operate on cursors from another transaction while on a separate transaction
Last update date:
4/9/2024
Affected products:
MongoDB Server
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Info
Suppose we have the following scenario: Start a session A A starts a transaction T1 and creates a client cursor called C We start a session B B starts a transaction T2 and sends a killCursor command for C Currently this is allowed to work and there's nothing preventing it succeeding. This means that from transaction T2 we can perform a non-transactionable operation on T1 as it will take effect immediately before T2 is committed. We should ideally ban this from the server as it is extremely counterintuitive and prone to errors.
Top User Comments
Steps to Reproduce
