-
Type:
Bug
-
Resolution: Done
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: HTTP Console, Security
-
ALL
The REST interface does not properly filter invalid UTF-8, eg:
wget -q "http://localhost:28017/%3Cscript%3E%80%3C/script%3E"
This has the side effect of causing some errors in the `mongo` shell when trying to show dbs:
> db.adminCommand('listDatabases')
Mon Aug 27 00:47:49 decode failed. probably invalid utf-8 string [<script>?<]
Mon Aug 27 00:47:49 why: TypeError: malformed UTF-8 character sequence at offset 8
Mon Aug 27 00:47:49 Error: invalid utf8 shell/utils.js:926
The errors appear to persist in the shell until `mongod` is restarted.
Other tools such as `mongodump` do not appear to be affected.