An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/SERVER-36263 | Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mongodb
Published: 2021-12-15T00:00:00
Updated: 2024-01-23T16:07:57.784Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20330
JSON object: View
NVD Information
Status : Modified
Published: 2021-12-15T13:15:07.633
Modified: 2024-01-23T16:15:49.637
Link: CVE-2021-20330
JSON object: View
Redhat Information
No data.
CWE