An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
History

Mon, 16 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
Description An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

cve-icon MITRE

Status: PUBLISHED

Assigner: mongodb

Published: 2021-12-15T12:30:10.405212Z

Updated: 2024-09-16T17:23:58.888Z

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20330

cve-icon Vulnrichment

Updated: 2024-08-03T17:37:23.911Z

cve-icon NVD

Status : Modified

Published: 2021-12-15T13:15:07.633

Modified: 2024-09-16T18:15:44.960

Link: CVE-2021-20330

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-15T00:00:00Z

Links: CVE-2021-20330 - Bugzilla