CVE-2021-20330 — Vulnetix

CVE-2021-20330 PUBLISHED

An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.

EPSS 0.38% · 59.7th percentile

Risk Scores

EPSS Score

0.38%

59.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	mongodb	4.0.0, 4.2.0, 4.4.0
Bitnami	mongodb	4.0.0, 4.4.0, 4.2.0

Exploit Intelligence

https://jira.mongodb.org/browse/SERVER-36263 (circl)

Timeline

Dec 15, 2021 CVE Published
Dec 16, 2021 EPSS Score
Feb 8, 2022 EPSS Score
Apr 4, 2022 EPSS Score
May 28, 2022 EPSS Score
Jul 22, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Jan 1, 2023 EPSS Score
Feb 24, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 20, 2023 EPSS Score
Jun 13, 2023 EPSS Score

References

https://jira.mongodb.org/browse/SERVER-36263 url
https://nvd.nist.gov/vuln/detail/CVE-2021-20330 url

Open in Interactive Console →