BIT-mongodb-2021-20330

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2021-20330.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2021-20330
Aliases
Published
2024-03-06T10:58:03.684Z
Modified
2025-05-20T10:02:07.006Z
Summary
Specific replication command with malformed oplog entries can crash secondaries
Details

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
4.0.0
Fixed
4.0.25
Introduced
4.2.0
Fixed
4.2.14
Introduced
4.4.0
Fixed
4.4.6