BugZero found this defect 19 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
4/30/2024
MongoDB Server
No affected releases provided.
No fixed releases provided.
Tracing of the encrypted db client does not take place unless we toggle "toggleAutoEncryption" on in the connection. This can result in the encrypted db client object not being traced, and subsequently being GCd before we are done using it.
// repro.js var session; /* from Top-level statement 111 */ var kvDbName; /* from Top-level statement 1750 */ var $startTime = Date.now(); try { var clientSideFLEOptions = { kmsProviders: {}, keyVaultNamespace: kvDbName + '.keystore', schemaMap: {} }; } catch (e) { } var $endTime = Date.now(); print('Top-level statement 625 completed in', $endTime - $startTime, 'ms'); var $startTime = Date.now(); try { var initialConn = db.getMongo(); } catch (e) { } var $endTime = Date.now(); print('Top-level statement 880 completed in', $endTime - $startTime, 'ms'); gc(); var $startTime = Date.now(); try { session(initialConn.setAutoEncryption(clientSideFLEOptions)); } catch (e) { } var $endTime = Date.now(); print('Top-level statement 1392 completed in', $endTime - $startTime, 'ms'); gc(); var $startTime = Date.now(); try { initialConn.toggleAutoEncryption(true); } catch (e) { } var $endTime = Date.now(); print('Top-level statement 1432 completed in', $endTime - $startTime, 'ms'); gc();