An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2021-12-15T00:00:00
Updated: 2024-08-15T17:08:47.259Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20330
Vulnrichment
Updated: 2024-08-03T17:37:23.911Z
NVD
Status : Modified
Published: 2021-12-15T13:15:07.633
Modified: 2024-01-23T16:15:49.637
Link: CVE-2021-20330
Redhat