An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. | An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9. |
MITRE
Status: PUBLISHED
Assigner: mongodb
Published: 2021-12-15T12:30:10.405212Z
Updated: 2024-09-16T17:23:58.888Z
Reserved: 2020-12-17T00:00:00
Link: CVE-2021-20330
Vulnrichment
Updated: 2024-08-03T17:37:23.911Z
NVD
Status : Modified
Published: 2021-12-15T13:15:07.633
Modified: 2024-09-16T18:15:44.960
Link: CVE-2021-20330
Redhat