CVE-2021-32037

An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.
References
Link Resource
https://jira.mongodb.org/browse/SERVER-59071 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mongodb:mongodb:*:*:*:*:*:*:*:*

History

16 Sep 2024, 23:15

Type Values Removed Values Added
Summary (en) An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2. (en) An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.

23 Jan 2024, 17:15

Type Values Removed Values Added
Summary An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. An authorized user may trigger an invariant which may result in denial of service or server exit if a relevant aggregation request is sent to a shard. Usually, the requests are sent via mongos and special privileges are required in order to know the address of the shards and to log in to the shards of an auth enabled environment. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.2.

Information

Published : 2021-11-24 16:15

Updated : 2024-09-16 23:15


NVD link : CVE-2021-32037

Mitre link : CVE-2021-32037

CVE.ORG link : CVE-2021-32037


JSON object : View

Products Affected

mongodb

  • mongodb
CWE
CWE-617

Reachable Assertion