An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.
References
Link | Resource |
---|---|
https://jira.mongodb.org/browse/SERVER-59071 | Vendor Advisory |
Configurations
History
16 Sep 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2. |
23 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2. |
Information
Published : 2021-11-24 16:15
Updated : 2024-09-16 23:15
NVD link : CVE-2021-32037
Mitre link : CVE-2021-32037
CVE.ORG link : CVE-2021-32037
JSON object : View
Products Affected
mongodb
- mongodb
CWE
CWE-617
Reachable Assertion