CVE-2021-32036

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32036

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32036.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32036

Aliases

BIT-mongodb-2021-32036

Related

UBUNTU-CVE-2021-32036

Published

2022-02-04T23:15:11Z

Modified

2025-02-18T22:28:35Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVSS Calculator

Summary

[none]

Details

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

References

https://jira.mongodb.org/browse/SERVER-59294

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

695c67dff0ffc361b8568a13366f027caa406222

Fixed

f65ce5e25c0b26a00d091a4d24eec1a8b3a4c016