OPERATIONAL DEFECT DATABASE
...
...
As per documentation at: https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-execution-of-javascript --noscripting option when passed to mongod, doesn't stop any '$where' executions.
krishna.devale commented on Sat, 25 Mar 2017 11:08:34 +0000: Hi Mark, Thanks for your response. The issue is on my side. I had an alias for mongod as 'mongod --dbpath ' On the alias when I use mongod --noscripting, mongod was not recognizing the option. Even config file is very particular about indentation. I am able to get the --noscripting feature to work now. Thanks, Krishna mark.agarunov commented on Fri, 24 Mar 2017 18:35:48 +0000: Hello krishna.devale, Thank you for the report. Unfortunately, we have not been able to reproduce this. With --noscripting passed to mongod I'm seeing: Marks-MacBook-Pro(mongod-3.5.4) test> db.test.find( {$where:function(){print("TEST"); return true;}} ); Error: error: { "ok": 0, "errmsg": "no globalScriptEngine in $where parsing", "code": 2, "codeName": "BadValue", "operationTime": Timestamp(0, 0) } And no output in the server logs. Without --noscripting TEST is printed in the server logs. Thanks, Mark
1. Run 'mongod --noscripting' 2. Run mongo client 'mongo' 3. Run command in mongo client: db..find( {"$where":print("HI")} ); 4. Console logs of mongod prints out "HI" per document in collection
Click on a version to see all relevant bugs
MongoDB Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
