CVE-2021-32036
Denial of Service and Data Integrity vulnerability in features command
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28
Un usuario autenticado sin ninguna autorización específica puede ser capaz de invocar repetidamente el comando features donde a un alto volumen puede conllevar a un agotamiento de recursos o generar una alta contención de bloqueos. Esto puede resultar en una denegación de servicio y, en casos raros, podría resultar en colisiones del campo id
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2021-05-05 CVE Reserved
- 2022-02-04 CVE Published
- 2023-08-28 EPSS Updated
- 2024-11-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://jira.mongodb.org/browse/SERVER-59294 | 2024-01-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 2.0.0 < 4.2.18 Search vendor "Mongodb" for product "Mongodb" and version " >= 2.0.0 < 4.2.18" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 4.4.0 < 4.4.10 Search vendor "Mongodb" for product "Mongodb" and version " >= 4.4.0 < 4.4.10" | - |
Affected
| ||||||
Mongodb Search vendor "Mongodb" | Mongodb Search vendor "Mongodb" for product "Mongodb" | >= 5.0.0 < 5.0.4 Search vendor "Mongodb" for product "Mongodb" and version " >= 5.0.0 < 5.0.4" | - |
Affected
|