VDB
CVE-2021-32036
CVE-2021-32036
PUBLISHED
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28
EPSS 0.15% · 35.6th percentile
Risk Scores
EPSS Score
0.15%
35.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | mongodb | 2.0.0, 4.4.0, 5.0.0 |
| Bitnami | mongodb | 2.0.0, 4.4.0, 5.0.0 |
Exploit Intelligence
- https://lists.debian.org/debian-lts-announce/2025/07/msg00005.html (circl)
- https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-5406321 (circl)
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBANGULAR-5406322 (circl)
- https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/ (circl)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDKFLKJ6VZKL52AFVW2OVZRMJWHMW55K/ (circl)
- CIRCL published-proof-of-concept: CVE-2023-26116 (circl-sighting)
- CIRCL seen: CVE-2023-26116 (circl-sighting)
…and 1 more exploits
Timeline
- Feb 4, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 30, 2023 PoC Published
- Apr 5, 2023 EPSS Score