CVE-2021-20330

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-36263 Issue Tracking Patch
Configurations

Configuration 1

cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

Information

Published : 2021-12-15 01:15

Updated : 2021-12-20 04:12


NVD link : CVE-2021-20330

Mitre link : CVE-2021-20330

Products Affected
No products.
CWE