An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
{ "binaries": [ { "binary_name": "mongodb", "binary_version": "1:2.4.9-1ubuntu2" }, { "binary_name": "mongodb-clients", "binary_version": "1:2.4.9-1ubuntu2" }, { "binary_name": "mongodb-dev", "binary_version": "1:2.4.9-1ubuntu2" }, { "binary_name": "mongodb-server", "binary_version": "1:2.4.9-1ubuntu2" } ] }
{ "binaries": [ { "binary_name": "mongodb", "binary_version": "1:3.6.3-0ubuntu1.4" }, { "binary_name": "mongodb-clients", "binary_version": "1:3.6.3-0ubuntu1.4" }, { "binary_name": "mongodb-server", "binary_version": "1:3.6.3-0ubuntu1.4" }, { "binary_name": "mongodb-server-core", "binary_version": "1:3.6.3-0ubuntu1.4" } ] }
{ "binaries": [ { "binary_name": "mongodb", "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3" }, { "binary_name": "mongodb-clients", "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3" }, { "binary_name": "mongodb-server", "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3" }, { "binary_name": "mongodb-server-core", "binary_version": "1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3" } ] }