An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
{ "binaries": [ { "binary_version": "1:2.4.9-1ubuntu2", "binary_name": "mongodb" }, { "binary_version": "1:2.4.9-1ubuntu2", "binary_name": "mongodb-clients" }, { "binary_version": "1:2.4.9-1ubuntu2", "binary_name": "mongodb-dev" }, { "binary_version": "1:2.4.9-1ubuntu2", "binary_name": "mongodb-server" } ] }
{ "binaries": [ { "binary_version": "1:3.6.3-0ubuntu1.4", "binary_name": "mongodb" }, { "binary_version": "1:3.6.3-0ubuntu1.4", "binary_name": "mongodb-clients" }, { "binary_version": "1:3.6.3-0ubuntu1.4", "binary_name": "mongodb-server" }, { "binary_version": "1:3.6.3-0ubuntu1.4", "binary_name": "mongodb-server-core" } ] }
{ "binaries": [ { "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3", "binary_name": "mongodb" }, { "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3", "binary_name": "mongodb-clients" }, { "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3", "binary_name": "mongodb-server" }, { "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3", "binary_name": "mongodb-server-core" } ] }