Create a Vulnerability Report创建漏洞报告
On this page本页内容
If you believe you have discovered a vulnerability in MongoDB products or have experienced a security incident related to MongoDB products, please report the issue to aid in its resolution. For more information on vulnerability reports, see the following resources:如果您认为自己在MongoDB产品中发现了漏洞,或者遇到了与MongoDB产品相关的安全事件,请报告该问题以帮助解决。有关漏洞报告的更多信息,请参阅以下资源:
- MongoDB Security information
on our website - Webform for vulnerability report submission
Evaluation of a Vulnerability Report脆弱性报告的评估
MongoDB, Inc. validates all submitted vulnerabilities through internal investigation. MongoDB,股份有限公司通过内部调查验证所有提交的漏洞。If needed, MongoDB representatives will reach out to the reporter for further information and to provide the results of the investigation. Please allow MongoDB representatives up to one week to acknowledge submissions.如果需要,MongoDB代表将联系记者了解更多信息并提供调查结果。请允许MongoDB代表在一周内确认提交。
Disclosure披露
MongoDB, Inc. requests that you do not publicly disclose any information regarding the vulnerability or exploit the issue until it has had the opportunity to analyze the vulnerability, to respond to the notification, and to notify key users, customers, and partners.MongoDB,股份有限公司要求您在有机会分析漏洞、响应通知并通知关键用户、客户和合作伙伴之前,不要公开披露有关该漏洞的任何信息或利用该问题。
The amount of time required to validate a reported vulnerability depends on the complexity and severity of the issue. 验证报告的漏洞所需的时间取决于问题的复杂性和严重性。MongoDB, Inc. takes all required vulnerabilities very seriously and will always ensure that there is a clear and open channel of communication with the reporter.MongoDB,股份有限公司非常认真地对待所有需要的漏洞,并将始终确保与记者有一个清晰、开放的沟通渠道。
After validating an issue, MongoDB, Inc. coordinates public disclosure of the issue with the reporter in a mutually agreed timeframe and format. If required or requested, the reporter of a vulnerability will receive credit in the published security bulletin.在确认一个问题后,MongoDB,股份有限公司按照双方商定的时间和格式与报告人协调公开披露问题。如果需要或请求,漏洞报告人将在发布的安全公告中获得信用。