mongodb -- Bump Windows package dependencies
Rich Mirch reports:
An unprivileged user or program on Microsoft Windows which can create OpenSSL configuration files in a fixed location may cause utility programs shipped with MongoDB server versions less than 4.0.11, 3.6.14, and 3.4.22 to run attacker defined code as the user running the utility.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright