CVE-2021-20330

🗓️ 15 Dec 2021 12:30:10Reported by mongodbType

Attacker with basic CRUD permissions can create denial of service on secondaries in MongoDB Server v4.0, 4.2, and 4.4

Reporter	Title	Published	Views	Family All 29
Circl	CVE-2021-20330	15 Dec 202116:14	–	circl
CNNVD	Mongodb Server 输入验证错误漏洞	15 Dec 202100:00	–	cnnvd
CNVD	MongoDB Server Denial of Service Vulnerability (CNVD-2021-101988)	19 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-20330 Specific replication command with malformed oplog entries can crash secondaries	15 Dec 202112:30	–	cvelist
Debian CVE	CVE-2021-20330	15 Dec 202112:30	–	debiancve
EUVD	EUVD-2021-7750	3 Oct 202520:07	–	euvd
MongoDB	Specific replication command with malformed oplog entries can crash secondaries	15 Dec 202100:00	–	mongodb
NVD	CVE-2021-20330	15 Dec 202113:15	–	nvd
OpenVAS	MongoDB DoS Vulnerability (SERVER-36263) - Linux	16 Dec 202100:00	–	openvas
OpenVAS	MongoDB DoS Vulnerability (SERVER-36263) - Windows	16 Dec 202100:00	–	openvas

NVD

Node

mongodb mongodbRange4.0.0–4.0.25

mongodb mongodbRange4.2.0–4.2.14

mongodb mongodbRange4.4.0–4.4.6

[
  {
    "defaultStatus": "unaffected",
    "product": "MongoDB Server",
    "vendor": "MongoDB Inc.",
    "versions": [
      {
        "lessThan": "4.0.27",
        "status": "affected",
        "version": "4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.16",
        "status": "affected",
        "version": "4.2",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.9",
        "status": "affected",
        "version": "4.4",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.mongodb.org/browse/SERVER-36263

21 Nov 2024 05:46Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24

CVSS 3.16.5

EPSS0.00378

SSVC

CWE-20