Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-20330

Опубликовано: 15 дек. 2021
Источник: redhat
CVSS3: 6.5

Описание

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

A denial of service attack was found in MongoDB. An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Update Infrastructure 3 for Cloud ProvidersmongodbWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2035009mongodb: specific replication command with malformed oplog entries can crash secondaries

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-20330

CVSS3: 6.5
ubuntu
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

nvd логотип

CVE-2021-20330

CVSS3: 6.5
nvd
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

debian логотип

CVE-2021-20330

CVSS3: 6.5
debian
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can ...

github логотип

GHSA-8jvf-jqg4-r6h2

CVSS3: 6.5
github
около 4 лет назад

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6.

6.5 Medium

CVSS3