Description

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

Remediation

References

CVE-2021-32036

Related Vulnerabilities

WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)

PostgreSQL Numeric Errors Vulnerability (CVE-2010-4015)

ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-6578)

MySQL CVE-2018-2771 Vulnerability (CVE-2018-2771)

Joomla Improper Authentication Vulnerability (CVE-2022-23795)

Severity

High

Classification

CVE-2021-32036 CWE-770 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Tags

Missing Update Known Vulnerabilities