Published: 04/02/2022 Updated: 23/01/2024

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

Vulnerable Product	Search on Vulmon	Subscribe to Product
mongodb mongodb

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention This may result in denial of service and in rare cases could result in id field collisions ...

CWE-770 https://jira.mongodb.org/browse/SERVER-59294 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-32036

CVE-2021-32036

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect