MongoDB Products | Log4j Impact

Except Altas Search, other products of MongoDB like Atlas, Mongo DB Community Edition, Driver, Enterprise Advanced, Realm, Tools have been unaffected by Log4j Vulnerability. As of Dec17th, Mongo DB Atlas search has been already patched to log4j v2.16.0 from log4j v2.15.0 and till now no evidence of exploitation of the vulnerability has been detected by MongoDB Team. Since the Vulnerability continues to exist in Wild, MongoDB has asked customers to update Atlas Search in their own environments to prevent exploitation attempts.

MongoDB ProductsVersionsSource
MongoDB Atlas SearchAllVulnerablesource
MongoDB Atlas AllNot Vulnerablesource
MongoDB Community Edition AllNot Vulnerablesource
MongoDB Drivers AllNot Vulnerablesource
MongoDB Enterprise Advanced AllNot Vulnerablesource
MongoDB Realm AllNot Vulnerablesource
MongoDB Tools AllNot Vulnerablesource
Source: https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb