CVE-2021-32037

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32037

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32037.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32037

Aliases

BIT-mongodb-2021-32037

Related

UBUNTU-CVE-2021-32037

Published

2021-11-24T16:15:13Z

Modified

2025-01-14T09:15:39.482565Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.

References

https://jira.mongodb.org/browse/SERVER-59071

Affected packages

Git / github.com/mongodb/mongo

Affected ranges

Type: GIT
Repo: https://github.com/mongodb/mongo
Events: Introduced

1184f004a99660de6f5e745573419bda8a28c0e9

Last affected

6d9ec525e78465dcecadcff99cce953d380fedc8

Affected versions

r5.*

r5.0.0

r5.0.1

r5.0.1-rc0

r5.0.2

r5.0.2-rc0