An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions before 4.0.27; MongoDB Server v4.2 versions before 4.2.16; MongoDB Server v4.4 versions before 4.4.9.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mongodb mongodb |