BIT-mongodb-2021-32036

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/mongodb/BIT-mongodb-2021-32036.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-mongodb-2021-32036
Aliases
Published
2024-03-06T10:57:41.177Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

References

Affected packages

Bitnami / mongodb

Package

Name
mongodb
Purl
pkg:bitnami/mongodb

Severity

  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.0.0
Fixed
4.2.18
Introduced
4.4.0
Fixed
4.4.10
Introduced
5.0.0
Fixed
5.0.4