CVE-2021-20333

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-20333
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20333.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20333
Aliases
Downstream
Published
2021-07-23T12:15:08.453Z
Modified
2026-04-11T23:33:52.711243Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10.

References

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type
GIT
Repo
https://github.com/mongodb/mongo
Events
Introduced
a57d8e71e6998a2d0afde7edc11bd23e5661c915
Fixed
39c200878284912f19553901a6fea4b31531a899
Introduced
3b07af3d4f471ae89e8186d33bbb1d5259597d51
Fixed
3f68a848c68e993769589dc18e657728921d8367
Introduced
a4b751dcf51dd249c5865812b390cfd1c0129c30
Fixed
88276238fa97b47c0ef14362b343c5317ecbd739
Database specific 
{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.20"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.21"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.10"
        }
    ]
}

Affected versions

r3.*
r3.6.0
r3.6.1
r3.6.1-rc0
r3.6.1-rc1
r3.6.10
r3.6.10-rc0
r3.6.10-rc1
r3.6.11
r3.6.11-rc0
r3.6.11-rc1
r3.6.11-rc2
r3.6.12
r3.6.12-rc0
r3.6.12-rc1
r3.6.13
r3.6.13-rc0
r3.6.13-rc1
r3.6.14
r3.6.14-rc0
r3.6.15
r3.6.15-rc0
r3.6.15-rc1
r3.6.16
r3.6.16-rc0
r3.6.17
r3.6.17-rc0
r3.6.18
r3.6.18-rc0
r3.6.19
r3.6.19-rc0
r3.6.2
r3.6.2-rc0
r3.6.20-rc0
r3.6.20-rc1
r3.6.3
r3.6.3-rc0
r3.6.3-rc1
r3.6.4
r3.6.4-rc0
r3.6.5
r3.6.5-rc0
r3.6.6
r3.6.6-rc0
r3.6.7
r3.6.7-rc0
r3.6.7-rc1
r3.6.8
r3.6.8-rc0
r3.6.8-rc1
r3.6.9
r3.6.9-rc0
r4.*
r4.0.0
r4.0.1
r4.0.1-rc0
r4.0.1-rc1
r4.0.10
r4.0.10-rc0
r4.0.10-rc1
r4.0.11
r4.0.11-rc0
r4.0.12
r4.0.12-rc0
r4.0.12-rc1
r4.0.12-rc2
r4.0.13
r4.0.13-rc0
r4.0.14
r4.0.14-rc0
r4.0.14-rc1
r4.0.15
r4.0.15-rc0
r4.0.16
r4.0.16-rc0
r4.0.17
r4.0.17-rc0
r4.0.18
r4.0.18-rc0
r4.0.19
r4.0.19-rc0
r4.0.2
r4.0.2-rc0
r4.0.20
r4.0.20-rc0
r4.0.21-rc0
r4.0.3
r4.0.3-rc0
r4.0.4
r4.0.4-rc0
r4.0.4-rc1
r4.0.4-rc2
r4.0.5
r4.0.5-rc0
r4.0.5-rc1
r4.0.6
r4.0.6-rc0
r4.0.6-rc1
r4.0.7
r4.0.7-rc0
r4.0.7-rc1
r4.0.8
r4.0.8-rc0
r4.0.9
r4.0.9-rc0
r4.2.0
r4.2.1
r4.2.1-rc0
r4.2.2
r4.2.2-rc0
r4.2.2-rc1
r4.2.3
r4.2.3-rc0
r4.2.3-rc1
r4.2.4
r4.2.4-rc0
r4.2.5
r4.2.5-rc0
r4.2.5-rc1
r4.2.6
r4.2.6-rc0
r4.2.7
r4.2.7-rc0
r4.2.7-rc1
r4.2.8
r4.2.8-rc0
r4.2.9
r4.2.9-rc0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20333.json"
vanir_signatures 
[
    {
        "digest": {
            "line_hashes": [
                "77860258341409220799922215062131751336",
                "147958388454004390822551521199138068728",
                "327899692832519544496895309793869289587",
                "115419919340494465662847379878902447472",
                "148673225429936511839027811065355279088",
                "163490305453244256352845768390449890343",
                "152179425338989020957728201558694306523"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/mongodb/mongo/commit/88276238fa97b47c0ef14362b343c5317ecbd739",
        "target": {
            "file": "src/mongo/db/repl/initial_syncer.cpp"
        },
        "id": "CVE-2021-20333-6f274790",
        "signature_type": "Line"
    }
]
vanir_signatures_modified 
"2026-04-11T23:33:52Z"