Candidate: CVE-2021-20330
PublicDate: 2021-12-15 13:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20330
 https://jira.mongodb.org/browse/SERVER-36263
Description:
 An attacker with basic CRUD permissions on a replicated collection can run
 the applyOps command with specially malformed oplog entries, resulting in a
 potential denial of service on secondaries. This issue affects MongoDB
 Server v4.0 versions prior to 4.0.25; MongoDB Server v4.2 versions prior to
 4.2.14; MongoDB Server v4.4 versions prior to 4.4.6.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]


Patches_mongodb:
upstream_mongodb: needs-triage
trusty/esm_mongodb: needs-triage
trusty_mongodb: ignored (out of standard support)
xenial_mongodb: ignored (out of standard support)
bionic_mongodb: needs-triage
focal_mongodb: needs-triage