Just have a quick question from the MongoDB Database server end .
If we are running the MongoDB instance with authentication enabled , do we have any vulnerability with running javascriptProtection: false (I see that is the default - because we do not have anything specified on the mongod config by default but I do see this
The value for javascriptProtection parameter has been changed in MongoDB v3.4+ to be enabled by default. If your MongoDB deployment is on v3.2 (EOL September 2018) or under, I’d recommend to upgrade your deployment version to a more recent version.
The feature setting was built to avoid overloading built-in functions in/from mongo shell. It’d be recommended to set the value to true. Please see also MongoDB Security Checklist to view list of security measures that you should implement to protect your MongoDB installation.