Security Advisory

CVE-2021-20330

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-15 12:30:10

Last updated 2024-09-16 17:23:58

Assigner mongodb

State PUBLISHED

Description

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

← Browse all CVEs View on cve.org ↗