1. Home
  2. CVE Database
  3. CVE-2021-32036
MEDIUM · 5.4

CVE-2021-32036

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. ...

Vulnerability Description

An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.3; MongoDB Server v4.4 versions prior to and including 4.4.9; MongoDB Server v4.2 versions prior to and including 4.2.16 and MongoDB Server v4.0 versions prior to and including 4.0.28

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
MongodbMongodb>= 2.0.0, < 4.2.18

Related Weaknesses (CWE)

CWE-770

References

FAQ

What is CVE-2021-32036?

CVE-2021-32036 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. ...

How severe is CVE-2021-32036?

CVE-2021-32036 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32036?

Check the references section above for vendor advisories and patch information. Affected products include: Mongodb Mongodb.