Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-20330

Опубликовано: 15 дек. 2021
Источник: nvd
CVSS3: 6.5
CVSS2: 4
EPSS Низкий

Описание

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.0.25 (исключая)
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Версия от 4.2.0 (включая) до 4.2.14 (исключая)
cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*
Версия от 4.4.0 (включая) до 4.4.6 (исключая)

EPSS

Процентиль: 59%
0.00378
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20
CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2021-20330

CVSS3: 6.5
ubuntu
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

redhat логотип

CVE-2021-20330

CVSS3: 6.5
redhat
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

debian логотип

CVE-2021-20330

CVSS3: 6.5
debian
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can ...

github логотип

GHSA-8jvf-jqg4-r6h2

CVSS3: 6.5
github
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6.

EPSS

Процентиль: 59%
0.00378
Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-20
CWE-20